Gentoo Linux Security Advisory GLSA 200904-05 - An error in the OpenSSL certificate chain validation in ntp might allow for spoofing attacks. It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02). Versions less than 4.2.4_p6 are affected.
0e5fa699a46ec5e9f265e1a39fe25883622745ac39c71c62197aefe647354ffbMandriva Linux Security Advisory 2009-007 - A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature. The updated packages have been patched to prevent this issue.
c9e99a6102c7efbed61e4bae8c6ba69c917268c68c4c956a0db78af8c0f45be8Debian Security Advisory 1702-1 - It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. (Note that cryptographic authentication of time servers is often not enabled in the first place.)
da30bda0f6254fc59ac6cfd41f4e732342fec33fac7d90562e8150b9449d09d3Ubuntu Security Notice USN-705-1 - It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature.
d433be9481ba7c4b533df5af3d86a31d25305815815233f66d94e668897e6dee
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed