CentOS Update For Ntp CESA-2009:0046 Centos5 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021) Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.

Affected

ntp on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2009-April/015755.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0021
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CentOS Update for apr CESA-2011:0844 centos4 i386
CentOS Security Advisory CESA-2009:0361 (NetworkManager)
CentOS Security Advisory CESA-2009:1339 (rgmanager)
CentOS Security Advisory CESA-2009:0436 (firefox)
CentOS Security Advisory CESA-2009:1083 (cups)

CentOS Update for ntp CESA-2009:0046 centos5 i386

Take action and discover your vulnerabilities