Fedora Core 9 FEDORA-2009-0547 (ntp) Network Vulnerability

Summary

The remote host is missing an update to ntp announced via advisory FEDORA-2009-0547.

Solution

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update ntp' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0547

Insight

Update Information: This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. ChangeLog: * Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1.fc9 - update to 4.2.4p6 (CVE-2009-0021)

References

https://bugzilla.redhat.com/show_bug.cgi?id=476807

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5077, CVE-2009-0021

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities