OracleVM 2.1 : ntp (OVMSA-2009-0011)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing necessary patches that address
the following critical security issues :

CVE-2009-0159 Stack-based buffer overflow in the cookedprint function
in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP
servers to execute arbitrary code via a crafted response.

CVE-2009-1252 Stack-based buffer overflow in the crypto_recv function
in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before
4.2.5p74, when OpenSSL and autokey are enabled, allows remote
attackers to execute arbitrary code via a crafted packet containing an
extension field.

CVE-2009-0021 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does
not properly check the return value from the OpenSSL EVP_VerifyFinal
function, which allows remote attackers to bypass validation of the
certificate chain via a malformed SSL/TLS signature for DSA and ECDSA
keys, a similar vulnerability to CVE-2008-5077.

- fix buffer overflow when parsing Autokey association
message (#500783, CVE-2009-1252)

- fix buffer overflow in ntpq (#500783, CVE-2009-0159)

- fix check for malformed signatures (#479698,
CVE-2009-0021)

- fix selecting multicast interface (#444106)

- disable kernel discipline when -x option is used
(#431729)

- avoid use of uninitialized floating-point values in
clock_select (#250838)

- generate man pages from html source, include config man
pages (#307271)

- add note about paths and exit codes to ntpd man page
(#242925, #246568)

- add section about exit codes to ntpd man page (#319591)

- always return 0 in scriptlets

- pass additional options to ntpdate (#240141)

- fix broadcast client to accept broadcasts on
255.255.255.255 (#226958)

- compile with crypto support on 64bit architectures
(#239580)

- add ncurses-devel to buildrequires (#239580)

- exit with nonzero code if ntpd -q did not set clock
(#240134)

- fix return codes in init script (#240118)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000024.html

Solution :

Update the affected ntp package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79458

Bugtraq ID: 33150, 34481, 35017

CVE ID: CVE-2008-5077, CVE-2009-0021, CVE-2009-0159, CVE-2009-1252
