SuSE 10 Security Update : xntp (ZYPP Patch Number 5489)
High Nessus Plugin ID 34234
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThe ntp daemon did not use supplied keys.
The cause of the problem is that the authentication system is initialized after the config is parsed and that the keyfile option is parsed only by storing the keyfile name for later use when the authentication system is initialized. The trustedkey option is handled by attempting to complete the trusting of the specified keys (which are not yet loaded). So, all the trusting fails because it has nothing to act on.
This problem is fixed with this patch.
SolutionApply ZYPP patch number 5489.