Solution
Please install the updated packages.
Insight
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)
Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled.
All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.
Affected
ntp on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-0021
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N