LinuxSecurity.com
Mandriva: [ MDVSA-2009:007 ] ntp
Posted by Benjamin D. Thomas   
A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature (CVE-2009-0021). The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:007
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ntp
 Date    : January 13, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A flaw was found in how NTP checked the return value of signature
 verification.  A remote attacker could use this to bypass certificate
 validation by using a malformed SSL/TLS signature (CVE-2009-0021).
 
 The updated packages have been patched to prevent this issue.
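
 The bug class described above, as an added example (not ntp's source and not part of the Mandriva advisory): a verification call that uses the tri-state convention of OpenSSL's EVP_VerifyFinal() (1 valid, 0 invalid, -1 error) is tested as a boolean, so an unparsable signature is accepted. The verifier, the signature encoding and all names below are constructed stand-ins, not real cryptography.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in verifier (assumption, not real crypto) with the tri-state result
 * used by OpenSSL's EVP_VerifyFinal(): 1 = valid, 0 = invalid, -1 = error.
 * Toy encoding: sig[0] is a length byte that must equal the number of bytes
 * following it; those bytes must equal the expected tag. */
static int toy_verify_final(const unsigned char *sig, size_t siglen,
                            const unsigned char *tag, size_t taglen)
{
    if (siglen < 1 || (size_t)sig[0] != siglen - 1)
        return -1;                  /* malformed: cannot be parsed */
    if ((size_t)sig[0] != taglen || memcmp(sig + 1, tag, taglen) != 0)
        return 0;                   /* well-formed, but does not match */
    return 1;                       /* valid */
}

/* Flawed check: only 0 is treated as failure, so -1 falls through. */
int accept_flawed(const unsigned char *sig, size_t siglen,
                  const unsigned char *tag, size_t taglen)
{
    if (!toy_verify_final(sig, siglen, tag, taglen))
        return 0;                   /* rejected */
    return 1;                       /* accepted, including the error case */
}

/* Corrected check: nothing but an explicit 1 counts as success. */
int accept_fixed(const unsigned char *sig, size_t siglen,
                 const unsigned char *tag, size_t taglen)
{
    return toy_verify_final(sig, siglen, tag, taglen) == 1;
}

/* Constructed sample inputs. */
static const unsigned char TAG[]           = { 0xde, 0xad, 0xbe, 0xef };
static const unsigned char SIG_GOOD[]      = { 4, 0xde, 0xad, 0xbe, 0xef };
static const unsigned char SIG_WRONG[]     = { 4, 0x00, 0x00, 0x00, 0x00 };
static const unsigned char SIG_MALFORMED[] = { 9, 0xde, 0xad }; /* bad length */

int main(void)
{
    printf("good:      flawed=%d fixed=%d\n",
           accept_flawed(SIG_GOOD, 5, TAG, 4), accept_fixed(SIG_GOOD, 5, TAG, 4));
    printf("wrong:     flawed=%d fixed=%d\n",
           accept_flawed(SIG_WRONG, 5, TAG, 4), accept_fixed(SIG_WRONG, 5, TAG, 4));
    printf("malformed: flawed=%d fixed=%d\n",
           accept_flawed(SIG_MALFORMED, 3, TAG, 4), accept_fixed(SIG_MALFORMED, 3, TAG, 4));
    return 0;
}
```

 When auditing other callers of tri-state verification functions, the safe comparison is equality with the success value rather than a truthiness test.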
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 91f0330a936cb343029aec711da0ce4f  2008.0/i586/ntp-4.2.4-10.1mdv2008.0.i586.rpm
 e7e6559f0431ff856d0da0b1d5a590a4  2008.0/i586/ntp-client-4.2.4-10.1mdv2008.0.i586.rpm
 05f3b3c5777f6bef48ee85fefeaff8a8  2008.0/i586/ntp-doc-4.2.4-10.1mdv2008.0.i586.rpm 
 a9cd3b03e611b517664ffae074da31da  2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e68c5263d456ec90d157787e70b17b99  2008.0/x86_64/ntp-4.2.4-10.1mdv2008.0.x86_64.rpm
 85e0c28eae68bcdcca997c5c2bb9bf8c  2008.0/x86_64/ntp-client-4.2.4-10.1mdv2008.0.x86_64.rpm
 ffbd2a9f924478d27f33ad13e1c4e250  2008.0/x86_64/ntp-doc-4.2.4-10.1mdv2008.0.x86_64.rpm 
 a9cd3b03e611b517664ffae074da31da  2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 1a9909288448845fa41b220b50917ee1  2008.1/i586/ntp-4.2.4-15.1mdv2008.1.i586.rpm
 6693319db15308f559912c9fe989bdd6  2008.1/i586/ntp-client-4.2.4-15.1mdv2008.1.i586.rpm
 63758cadb1cf81ebb7bef096dc285f2f  2008.1/i586/ntp-doc-4.2.4-15.1mdv2008.1.i586.rpm 
 ca06251ccab188cdb4f28fba35190eb6  2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 9c7b290e643cae08556bd3b1f6380926  2008.1/x86_64/ntp-4.2.4-15.1mdv2008.1.x86_64.rpm
 7fd00c9b82a0ca577962d59975433071  2008.1/x86_64/ntp-client-4.2.4-15.1mdv2008.1.x86_64.rpm
 f99d1d7980dd6788a0f0c4924241a6d3  2008.1/x86_64/ntp-doc-4.2.4-15.1mdv2008.1.x86_64.rpm 
 ca06251ccab188cdb4f28fba35190eb6  2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 82ed4b25f0a0c1c607e5819ec1d70603  2009.0/i586/ntp-4.2.4-18.1mdv2009.0.i586.rpm
 71855df81d8dd138d54fb24f5c221a5b  2009.0/i586/ntp-client-4.2.4-18.1mdv2009.0.i586.rpm
 30874a706c15d4086df8493af51f5082  2009.0/i586/ntp-doc-4.2.4-18.1mdv2009.0.i586.rpm 
 248052356a2606f377debf55257b6855  2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c6462453877b538618e8bf8d0132b1a3  2009.0/x86_64/ntp-4.2.4-18.1mdv2009.0.x86_64.rpm
 abe80d9922eb665d6e5be56197895a68  2009.0/x86_64/ntp-client-4.2.4-18.1mdv2009.0.x86_64.rpm
 eb780b2e38ebb1b4ee1999c4f0429231  2009.0/x86_64/ntp-doc-4.2.4-18.1mdv2009.0.x86_64.rpm 
 248052356a2606f377debf55257b6855  2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

 Corporate 3.0:
 d1593543a5d37e6b8ea2c8468ce1d0d3  corporate/3.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm 
 fc6c1a4605258d876c8a09d7d0d116ef  corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1214dd1fed42c4acd3ad36da9bd8b0ea  corporate/3.0/x86_64/ntp-4.2.0-2.1.C30mdk.x86_64.rpm 
 fc6c1a4605258d876c8a09d7d0d116ef  corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

 Corporate 4.0:
 dcc6abed648d3baac3233264bc107517  corporate/4.0/i586/ntp-4.2.0-21.3.20060mlcs4.i586.rpm
 d1c9cf4d821856af81ce574fa08c1f52  corporate/4.0/i586/ntp-client-4.2.0-21.3.20060mlcs4.i586.rpm 
 50c665296cd7d09f4e98ae04e998e350  corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6c41fd0f995d8cf8cf216bf82e062de0  corporate/4.0/x86_64/ntp-4.2.0-21.3.20060mlcs4.x86_64.rpm
 da7f3cd1385ae2250cd191182079c037  corporate/4.0/x86_64/ntp-client-4.2.0-21.3.20060mlcs4.x86_64.rpm 
 50c665296cd7d09f4e98ae04e998e350  corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 d7ff99538a0da678adcc5606913bc1b6  mnf/2.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm 
 c8af767376df674dd434307c628e30cd  mnf/2.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 