Ubuntu USN-705-1 (ntp) Network Vulnerability

Summary

The remote host is missing an update to ntp announced via advisory USN-705-1. It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: ntp-refclock 1:4.2.0a+stable-8.1ubuntu6.1 ntp-simple 1:4.2.0a+stable-8.1ubuntu6.1 Ubuntu 7.10: ntp 1:4.2.4p0+dfsg-1ubuntu2.1 Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.1 Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-705-1

Severity

Classification

CVE CVE-2009-0021

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for clamav USN-1482-2
Ubuntu Update for apache2 vulnerabilities USN-1021-1
Ubuntu Update for bogofilter vulnerability USN-980-1
Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
Ubuntu Update for apparmor USN-1676-1

Take action and discover your vulnerabilities