This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
A flaw was discovered in the way the ntpd daemon checked the return
value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks.
Note: This issue only affects systems that have enabled NTP
authentication. By default, NTP authentication is not enabled.
After installing the update, the ntpd daemon will restart
See also :
Update the affected ntp package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60526 ()
CVE ID: CVE-2009-0021