OracleVM 2.1 : ntp (OVMSA-2009-0011)
Medium Nessus Plugin ID 79458
SynopsisThe remote OracleVM host is missing a security update.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
CVE-2009-0159 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
CVE-2009-1252 Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
CVE-2009-0021 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
- fix buffer overflow when parsing Autokey association message (#500783, CVE-2009-1252)
- fix buffer overflow in ntpq (#500783, CVE-2009-0159)
- fix check for malformed signatures (#479698, CVE-2009-0021)
- fix selecting multicast interface (#444106)
- disable kernel discipline when -x option is used (#431729)
- avoid use of uninitialized floating-point values in clock_select (#250838)
- generate man pages from html source, include config man pages (#307271)
- add note about paths and exit codes to ntpd man page (#242925, #246568)
- add section about exit codes to ntpd man page (#319591)
- always return 0 in scriptlets
- pass additional options to ntpdate (#240141)
- fix broadcast client to accept broadcasts on 255.255.255.255 (#226958)
- compile with crypto support on 64bit architectures (#239580)
- add ncurses-devel to buildrequires (#239580)
- exit with nonzero code if ntpd -q did not set clock (#240134)
- fix return codes in init script (#240118)
SolutionUpdate the affected ntp package.