Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-705-1: NTP vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-705-1: NTP vulnerability
# 1  
Old 01-08-2009
USN-705-1: NTP vulnerability
Referenced CVEs:
CVE-2009-0021


Description:
=========================================================== Ubuntu Security Notice USN-705-1 January 08, 2009 ntp vulnerability CVE-2009-0021 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: ntp-refclock 1:4.2.0a+stable-8.1ubuntu6.1 ntp-simple 1:4.2.0a+stable-8.1ubuntu6.1 Ubuntu 7.10: ntp 1:4.2.4p0+dfsg-1ubuntu2.1 Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.1 Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. AIX

NTP Information Disclosure Vulnerability

Hi All, How to reslove above Vulnerability,currently we have AIX6.1 OS running,would you please share with me step-by-step procedure Thanks in advance Thanks Murali Muppa (0 Replies)
Discussion started by: 969murali@gmail
0 Replies
Login or Register to Ask a Question

LEARN ABOUT OSF1

ntp.drift

ntp.drift(4)						     Kernel Interfaces Manual						      ntp.drift(4)

NAME

       ntp.drift - Network Time Protocol (NTP) drift file

DESCRIPTION

       When  the  NTP daemon (xntpd) is first started, it computes the error in the intrinsic frequency of the clock on the computer it is running
       on.  This process usually takes about a day or two after the daemon is started to compute a good estimate of this  (and	it  needs  a  good
       estimate to synchronize closely to its server).	Once the initial value is computed, it will change only by relatively small amounts during
       the course of continued operation.

       The driftfile declaration should always be included in the ntp.conf file.  This provides xntpd with complete path name to a file  in  which
       it can store the current value of the frequency error.  That way, if the daemon is stopped and restarted, it can reinitialize itself to the
       previous estimate without spending time recomputing the frequency estimate.

       The ntp.drift file contains one line with the following format: freq_offset flag Specifies the nominal frequency  offset.   DO  NOT  modify
       this  field.  Specifies the method used to improve system clock accuracy.  Specifies that xntpd runs a Phase-Locked Loop (PLL) algorithm to
       keep synchronized with other hosts.  This is the default.  Specifies the use of the  PLL  algorithm  in	the  kernel.   This  requires  the
       NTP_TIME kernel option.	After the option is configured in the kernel, edit the ntp.drift file and change the flag value to 1.

	      See System Administration for information on the NTP_TIME kernel option.

FILES

       Conventional name of the drift file

RELATED INFORMATION

       Commands: ntpdate(8), ntpq(8), xntpd(8), xntpdc(8)

       Files: ntp.conf(4)

       Network Administration, System Administration delim off

																      ntp.drift(4)