This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
CERT reports :
The Network Time Protocol (NTP) provides networked systems with a way
to synchronize time for various services and applications. ntpd
version 4.2.7 and previous versions allow attackers to overflow
several buffers in a way that may allow malicious code to be executed.
ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic
random number generator when generating symmetric keys.
The buffer overflow vulnerabilities in ntpd may allow a remote
unauthenticated attacker to execute arbitrary malicious code with the
privilege level of the ntpd process. The weak default key and
non-cryptographic random number generator in ntp-keygen may allow an
attacker to gain information regarding the integrity checking and
authentication encryption schemes.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5