FreeBSD : ntp -- multiple vulnerabilities (4033d826-87dd-11e4-9079-3c970e169bc2)
High Nessus Plugin ID 80149
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionCERT reports :
The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed.
ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys.
The buffer overflow vulnerabilities in ntpd may allow a remote unauthenticated attacker to execute arbitrary malicious code with the privilege level of the ntpd process. The weak default key and non-cryptographic random number generator in ntp-keygen may allow an attacker to gain information regarding the integrity checking and authentication encryption schemes.
SolutionUpdate the affected packages.