Gentoo Linux Security Advisory GLSA 200904-05 - An error in the OpenSSL certificate chain validation in ntp might allow for spoofing attacks. It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02). Versions less than 4.2.4_p6 are affected.
0e5fa699a46ec5e9f265e1a39fe25883622745ac39c71c62197aefe647354ffb
Mandriva Linux Security Advisory 2009-007 - A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature. The updated packages have been patched to prevent this issue.
c9e99a6102c7efbed61e4bae8c6ba69c917268c68c4c956a0db78af8c0f45be8
Debian Security Advisory 1702-1 - It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. (Note that cryptographic authentication of time servers is often not enabled in the first place.)
da30bda0f6254fc59ac6cfd41f4e732342fec33fac7d90562e8150b9449d09d3
Ubuntu Security Notice USN-705-1 - It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature.
d433be9481ba7c4b533df5af3d86a31d25305815815233f66d94e668897e6dee