Summary
This host has NTP installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to bypass certificate validation checks and conduct spoofing attacks via signature checks on DSA and ECDSA keys used with SSL/TLS.
Impact Level: System/Application
Solution
Upgrade to NTP version 4.2.4p6 or 4.2.5p151
http://www.ntp.org/downloads.html
Insight
The flaw is due to improper validation of the return value of the OpenSSL EVP_VerifyFinal function.
Affected
NTP version 4.2.4 to 4.2.4p5 and 4.2.5 to 4.2.5p150 on Linux.
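The affected and fixed versions listed above can be checked against collected ntpd version strings. The following Python is an added example, not part of the original advisory or of NTP; the function names, host names and sample version strings are constructed for illustration, and a version without a patch suffix is assumed to mean patch level 0.

```python
import re

# Affected ranges from the advisory, inclusive, as (major, minor, point, patch).
AFFECTED = [
    ((4, 2, 4, 0), (4, 2, 4, 5)),    # 4.2.4 to 4.2.4p5   (fixed in 4.2.4p6)
    ((4, 2, 5, 0), (4, 2, 5, 150)),  # 4.2.5 to 4.2.5p150 (fixed in 4.2.5p151)
]

# Matches "4.2.4p5" inside longer text; the lookbehind avoids starting mid-number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) or None if no version is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, point, patch = m.groups()
    # Assumption: a version without a "pN" suffix is treated as patch level 0.
    return (int(major), int(minor), int(point), int(patch or 0))


def is_affected(text):
    """True/False for a parsed version, None when the string cannot be parsed."""
    version = parse_ntp_version(text)
    if version is None:
        return None
    return any(low <= version <= high for low, high in AFFECTED)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "host-a": "ntpd 4.2.4p4@1.1520-o",
    "host-b": "ntpd 4.2.4p6",
    "host-c": "ntpd 4.2.5p150",
    "host-d": "ntpd 4.2.5p151",
    "host-e": "ntpd (version not reported)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A version string does not show whether a distribution backported the fix into an older package version, so hosts reported as affected or unknown still need confirmation against the vendor's package changelog.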
Severity
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Classification
CVE: CVE-2009-0021