Next Page >>
ntp
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Network Time Protocol
Packet Vulnerability
Advisory ID: cisco-sa-20090923-ntp
Revision 1.0
For Public Release 2009 September 23
CVE-2008-5515 CVE-2009-0033 CVE-2009-0580
CVE-2009-0781 CVE-2009-0783 CVE-2008-1232
CVE-2008-1947 CVE-2008-2370 CVE-2007-5333
CVE-2007-5342 CVE-2007-5461 CVE-2007-6286
CVE-2008-0002
--- ntp ---
CVE-2009-1252 CVE-2009-0159
--- kernel ---
CVE-2008-3528 CVE-2008-5700 CVE-2009-0028
CVE-2009-0269 CVE-2009-0322 CVE-2009-0675
CVE-2009-0676 CVE-2009-0778 CVE-2008-4307
===========================================================
Ubuntu Security Notice USN-777-1 May 19, 2009
ntp vulnerabilities
CVE-2009-0159, CVE-2009-1252
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-867-1 December 08, 2009
ntp vulnerability
CVE-2009-3563
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
[--Vulnerability Summary--]
Title: Windows NTP Time Server Syslog Monitor 1.0.000 Denial of Service Vulnerability
Product: Windows NTP Time Server Syslog Monitor 1.0.000
Discovered: November 29, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)
Vendor: TimeTools
Vendor URL: http://www.timetools.co.uk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: NTP: Remote execution of arbitrary code
Date: May 26, 2009
Bugs: #263033, #268962
ID: 200905-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0009
Synopsis: ESXi ntp and ESX Service Console third party updates
Issue date: 2010-05-27
Updated on: 2010-05-27 (initial release of advisory)
CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228
CVE-2009-3286 CVE-2009-3547 CVE-2009-3613
CVE-2009-3612 CVE-2009-3620 CVE-2009-3621
Debian Security Advisory DSA-1908-1 security@debian.org
http://www.debian.org/security/ Nico Golde
December 8th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ntp
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
Debian bug : 560074
CVE ID : CVE-2009-3563
ESX Service Console updates for newt, nfs-utils, and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id,
device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,
bind, expat, openssh, ntp and kernel packages.
2. Relevant releases
VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG,
ESX400-201002406-SG
===========================================================
Ubuntu Security Notice USN-705-1 January 08, 2009
ntp vulnerability
CVE-2009-0021
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Mandriva Linux Security Advisory MDVSA-2009:328
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ntp
Date : December 8, 2009
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ntp: Certificate validation error
Date: April 05, 2009
Bugs: #254098
ID: 200904-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
As an update, Keep track of this thread as well.
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=26289
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Sent: Friday, February 20, 2009 11:01 AM
To: <bugtraq@securityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: NTP: Denial of Service
Date: January 03, 2010
Bugs: #290881
ID: 201001-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
goto :here
Now since the smcgui.exe is running in the user account, It will not be
denied access to.
When the batch file is running, Open the file "c:\Program
Files\Symantec\Symantec Endpoint Protection\symcorpui.exe"
Even if the password has been set or the administrator has disabled the user
to open the GUI, All the conditions will be bypassed.
And as I said before, The Help and Support > Troubleshooting will show the
server as offline for the client and the NTP will not be visible if its
installed.
Debian Security Advisory DSA-1801-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
May 19, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ntp
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0159 CVE-2009-1252
CERT advisory : VU#853097
Mandriva Linux Security Advisory MDVSA-2009:117
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ntp
Date : May 19, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:11.ntpd Security Advisory
The FreeBSD Project
Topic: ntpd stack-based buffer-overflow vulnerability
Category: contrib
Debian Security Advisory DSA-1702-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
January 12, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ntp
Vulnerability : interpretation conflict
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0021
Debian Bug : 511227
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01961959
Version: 3
HPSBOV02497 SSRT090245 rev.3 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-17
Last Updated: 2010-05-17
Please note the following. I have reported this to Symantec at
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=25786&view=by_date_ascending&page=2
Symantec,
Mandriva Linux Security Advisory MDVSA-2009:309
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ntp
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
The following packages were identified as affected by the same OpenSSL
vulnerability, as they use OpenSSL EVP_VerifyFinal function and
incorrectly check the return code.
NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development)
Sun GridEngine <= 5.3
Gale <= 0.99
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01961959
Version: 2
HPSBOV02497 SSRT090245 rev.2 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-03-23
Last Updated: 2010-03-26
Rating: Major
Exposure Level Classification:
Remote User Deterministic Denial of Service
Updated Versions:
ntp=conary.rpath.com@rpl:1/4.2.4p8-0.2-1
ntp=conary.rpath.com@rpl:2/4.2.4p8-0.2-1
ntp-utils=conary.rpath.com@rpl:2/4.2.4p8-0.2-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-3193
Mandriva Linux Security Advisory MDVSA-2009:092
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ntp
Date : April 13, 2009
Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
system for which OpenVAS has collected information. OpenVAS 2.0.0 includes
readily available support for Red Hat Enterprise Linux security announcements
as published in OVAL format. OVAL support will expand to further platforms.
* OpenVAS Transfer Protocol (OTP):
A comprehensive audit of the Nessus Transfer Protocol (NTP) resulted in
numerous improvements and fixes and lead to the OpenVAS Transfer Protocol
(OTP). Since NTP support was dropped entirely, the 1.0 and 2.0 series of
OpenVAS Server and Client can not operate in mixed mode.
* Object Identifiers (OIDs):
Mandriva Linux Security Advisory MDVSA-2009:007
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ntp
Date : January 13, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Debian bug : none
CVE ID : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294
Several vulnerabilities have been discovered in chrony, a pair of programs
which are used to maintain the accuracy of the system clock on a computer.
This issues are similar to the NTP security flaw CVE-2009-3563. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0292
chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-10:02.ntpd Security Advisory
The FreeBSD Project
Topic: ntpd mode 7 denial of service
Category: contrib
Next Page>>
|
