what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-007

Mandriva Linux Security Advisory 2009-007
Posted Jan 14, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-007 - A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature. The updated packages have been patched to prevent this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2009-0021
SHA-256 | c9e99a6102c7efbed61e4bae8c6ba69c917268c68c4c956a0db78af8c0f45be8

Mandriva Linux Security Advisory 2009-007

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:007
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ntp
Date : January 13, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw was found in how NTP checked the return value of signature
verification. A remote attacker could use this to bypass certificate
validation by using a malformed SSL/TLS signature (CVE-2009-0021).

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
91f0330a936cb343029aec711da0ce4f 2008.0/i586/ntp-4.2.4-10.1mdv2008.0.i586.rpm
e7e6559f0431ff856d0da0b1d5a590a4 2008.0/i586/ntp-client-4.2.4-10.1mdv2008.0.i586.rpm
05f3b3c5777f6bef48ee85fefeaff8a8 2008.0/i586/ntp-doc-4.2.4-10.1mdv2008.0.i586.rpm
a9cd3b03e611b517664ffae074da31da 2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e68c5263d456ec90d157787e70b17b99 2008.0/x86_64/ntp-4.2.4-10.1mdv2008.0.x86_64.rpm
85e0c28eae68bcdcca997c5c2bb9bf8c 2008.0/x86_64/ntp-client-4.2.4-10.1mdv2008.0.x86_64.rpm
ffbd2a9f924478d27f33ad13e1c4e250 2008.0/x86_64/ntp-doc-4.2.4-10.1mdv2008.0.x86_64.rpm
a9cd3b03e611b517664ffae074da31da 2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
1a9909288448845fa41b220b50917ee1 2008.1/i586/ntp-4.2.4-15.1mdv2008.1.i586.rpm
6693319db15308f559912c9fe989bdd6 2008.1/i586/ntp-client-4.2.4-15.1mdv2008.1.i586.rpm
63758cadb1cf81ebb7bef096dc285f2f 2008.1/i586/ntp-doc-4.2.4-15.1mdv2008.1.i586.rpm
ca06251ccab188cdb4f28fba35190eb6 2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
9c7b290e643cae08556bd3b1f6380926 2008.1/x86_64/ntp-4.2.4-15.1mdv2008.1.x86_64.rpm
7fd00c9b82a0ca577962d59975433071 2008.1/x86_64/ntp-client-4.2.4-15.1mdv2008.1.x86_64.rpm
f99d1d7980dd6788a0f0c4924241a6d3 2008.1/x86_64/ntp-doc-4.2.4-15.1mdv2008.1.x86_64.rpm
ca06251ccab188cdb4f28fba35190eb6 2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
82ed4b25f0a0c1c607e5819ec1d70603 2009.0/i586/ntp-4.2.4-18.1mdv2009.0.i586.rpm
71855df81d8dd138d54fb24f5c221a5b 2009.0/i586/ntp-client-4.2.4-18.1mdv2009.0.i586.rpm
30874a706c15d4086df8493af51f5082 2009.0/i586/ntp-doc-4.2.4-18.1mdv2009.0.i586.rpm
248052356a2606f377debf55257b6855 2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
c6462453877b538618e8bf8d0132b1a3 2009.0/x86_64/ntp-4.2.4-18.1mdv2009.0.x86_64.rpm
abe80d9922eb665d6e5be56197895a68 2009.0/x86_64/ntp-client-4.2.4-18.1mdv2009.0.x86_64.rpm
eb780b2e38ebb1b4ee1999c4f0429231 2009.0/x86_64/ntp-doc-4.2.4-18.1mdv2009.0.x86_64.rpm
248052356a2606f377debf55257b6855 2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

Corporate 3.0:
d1593543a5d37e6b8ea2c8468ce1d0d3 corporate/3.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm
fc6c1a4605258d876c8a09d7d0d116ef corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
1214dd1fed42c4acd3ad36da9bd8b0ea corporate/3.0/x86_64/ntp-4.2.0-2.1.C30mdk.x86_64.rpm
fc6c1a4605258d876c8a09d7d0d116ef corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

Corporate 4.0:
dcc6abed648d3baac3233264bc107517 corporate/4.0/i586/ntp-4.2.0-21.3.20060mlcs4.i586.rpm
d1c9cf4d821856af81ce574fa08c1f52 corporate/4.0/i586/ntp-client-4.2.0-21.3.20060mlcs4.i586.rpm
50c665296cd7d09f4e98ae04e998e350 corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6c41fd0f995d8cf8cf216bf82e062de0 corporate/4.0/x86_64/ntp-4.2.0-21.3.20060mlcs4.x86_64.rpm
da7f3cd1385ae2250cd191182079c037 corporate/4.0/x86_64/ntp-client-4.2.0-21.3.20060mlcs4.x86_64.rpm
50c665296cd7d09f4e98ae04e998e350 corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
d7ff99538a0da678adcc5606913bc1b6 mnf/2.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm
c8af767376df674dd434307c628e30cd mnf/2.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJbRVSmqjQ0CJFipgRAt23AJ43dVc9u32PRtOsFf8+xdJzSIx+wACdFIK3
LT/YaZTGtZnOdbhIr2LV9dg=
=23nb
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close