VPR Score: 5.9
Synopsis
The remote SuSE 11 host is missing one or more security updates.
Description
ntp has been updated to fix four security issues:
- ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) (CVE-2014-9294)
- The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) (CVE-2014-9293)
- ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764) (CVE-2014-9298)
- vallen is not validated in several places in ntp_crypto.c, leading to a potential information leak. (bsc#910764) (CVE-2014-9297)
Solution
Apply SAT patch number 10293.