SuSE 11.3 Security Update : ntp (SAT Patch Number 10117)

High Nessus Plugin ID 80217

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This ntp update fixes the following critical security issue :

- A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication) and ctl_putdata() where updated to avoid buffer overflows that could have been exploited. (CVE-2014-9295 / VU#852879)

Solution

Apply SAT patch number 10117.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=910764

http://support.novell.com/security/cve/CVE-2014-9295.html

Plugin Details

Severity: High

ID: 80217

File Name: suse_11_ntp-141219.nasl

Version: Revision: 1.8

Type: local

Agent: unix

Published: 2014/12/23

Updated: 2015/11/01

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:ntp, p-cpe:/a:novell:suse_linux:11:ntp-doc, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2014/12/19

Reference Information

CVE: CVE-2014-9295

CERT: 852879