SuSE 11.3 Security Update : ntp (SAT Patch Number 9540)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The NTP time service could have been used for remote denial of service
amplification attacks.

This issue can be fixed by the administrator as we described in our
security advisory SUSE-SA:2014:001:
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.
html

and on

http://support.novell.com/security/cve/CVE-2013-5211.html

This update now also replaces the default ntp.conf template to fix
this problem.

Please note that if you have touched or modified ntp.conf yourself, it
will not be automatically fixed, you need to merge the changes
manually as described.

Additionally the following bug has been fixed :

- ntp start script does not update the
/var/lib/ntp/etc/localtime file if /etc/localtime is a
symlink (bnc#838458)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=838458
https://bugzilla.novell.com/show_bug.cgi?id=857195
http://support.novell.com/security/cve/CVE-2013-5211.html

Solution :

Apply SAT patch number 9540.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 76910 ()

Bugtraq ID:

CVE ID: CVE-2013-5211

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now