Nome do pacote
ntp
Data
2009-12-08
ID Alerta
MDVSA-2009:328
Versões afetadas
2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , MES5 i586 , 2008.0 i586 , 2009.1 x86_64 , CS4.0 i586 , MES5 x86_64

Descrição do problema

A vulnerability has been found and corrected in ntp:

Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd
handled certain malformed NTP packets. ntpd logged information about
all such packets and replied with an NTP packet that was treated as
malformed when received by another ntpd. A remote attacker could use
this flaw to create an NTP packet reply loop between two ntpd servers
via a malformed packet with a spoofed source IP address and port,
causing ntpd on those servers to use excessive amounts of CPU time
and fill disk space with log messages (CVE-2009-3563).

This update provides a solution to this vulnerability.

Pacotes atualizados

2009.0 x86_64

 e31f3f71e730e5777d9832cd76430b17  2009.0/x86_64/ntp-4.2.4-18.5mdv2009.0.x86_64.rpm
 67a998da616d287fe9e15092bbd45ff6  2009.0/x86_64/ntp-client-4.2.4-18.5mdv2009.0.x86_64.rpm
 ab02dd7a3457f0ba75248390827c69a4  2009.0/x86_64/ntp-doc-4.2.4-18.5mdv2009.0.x86_64.rpm 
 45b55bdbde84289b20e295b9dbf188fb  2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm

CS4.0 x86_64

 1bd4395c9c80b583bad4ce5085c0d557  corporate/4.0/x86_64/ntp-4.2.0-21.7.20060mlcs4.x86_64.rpm
 95f812f672cf79fccee411154c23d6ee  corporate/4.0/x86_64/ntp-client-4.2.0-21.7.20060mlcs4.x86_64.rpm 
 d2ed46d981570f66763f85c822b14179  corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm

MNF2.0 i586

 56a2596fd513295f0700508c08a6a3da  mnf/2.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm 
 f8218643f02c3168e0331852630835a0  mnf/2.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm

2010.0 x86_64

 2e938e58d48f3f581ffaab085dacc1f2  2010.0/x86_64/ntp-4.2.4-27.1mdv2010.0.x86_64.rpm
 cde3421867c549169751f2964420a578  2010.0/x86_64/ntp-client-4.2.4-27.1mdv2010.0.x86_64.rpm
 d9799e7286a49420699d3995e8bc1e47  2010.0/x86_64/ntp-doc-4.2.4-27.1mdv2010.0.x86_64.rpm 
 7bbd4271086ace434dd8a958bc7c2488  2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm

2010.0 i586

 2913258a9be65654a3ce5e16c1bd5b25  2010.0/i586/ntp-4.2.4-27.1mdv2010.0.i586.rpm
 90cf8d7f8fb468461f8b8baf7d97daa4  2010.0/i586/ntp-client-4.2.4-27.1mdv2010.0.i586.rpm
 0b8527559ef05049461cea2f5a83bd6d  2010.0/i586/ntp-doc-4.2.4-27.1mdv2010.0.i586.rpm 
 7bbd4271086ace434dd8a958bc7c2488  2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm

2009.1 i586

 b6597f0ee96ec99c7ddbe5e18a588e48  2009.1/i586/ntp-4.2.4-22.3mdv2009.1.i586.rpm
 069667f851886c39daa0309a5e920619  2009.1/i586/ntp-client-4.2.4-22.3mdv2009.1.i586.rpm
 9d5b87f008f00ad30b3c652e5f62eea2  2009.1/i586/ntp-doc-4.2.4-22.3mdv2009.1.i586.rpm 
 e2686dd1237f529bb08f2837052fb46f  2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm

2009.0 i586

 6a38837b845970b62520f48273362485  2009.0/i586/ntp-4.2.4-18.5mdv2009.0.i586.rpm
 4f9d98a186c4ca4348f8296fde0bf174  2009.0/i586/ntp-client-4.2.4-18.5mdv2009.0.i586.rpm
 0ae26de5f1bddba4c2718a55463d94b7  2009.0/i586/ntp-doc-4.2.4-18.5mdv2009.0.i586.rpm 
 45b55bdbde84289b20e295b9dbf188fb  2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm

CS3.0 x86_64

 44130a38552f20b3f34d176c47aa5aab  corporate/3.0/x86_64/ntp-4.2.0-2.4.C30mdk.x86_64.rpm 
 a485cad0631598335af0e89ea399ff9d  corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm

2008.0 x86_64

 4fa28ef04548ded3dc604ea61a671cc5  2008.0/x86_64/ntp-4.2.4-10.3mdv2008.0.x86_64.rpm
 b79353be7c2da1fadf3bc55c2c06a6a6  2008.0/x86_64/ntp-client-4.2.4-10.3mdv2008.0.x86_64.rpm
 c93dd45fc32ece044874c09aac85ce66  2008.0/x86_64/ntp-doc-4.2.4-10.3mdv2008.0.x86_64.rpm 
 167e3a9dbf1bd10fd576e6a91a2cbc10  2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm

CS3.0 i586

 65dda36544e7a43175abfd64aa725b34  corporate/3.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm 
 a485cad0631598335af0e89ea399ff9d  corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm

MES5 i586

 16e3975f3e4bb9a830eb1e8166f2fec7  mes5/i586/ntp-4.2.4-18.5mdvmes5.i586.rpm
 2af9623d6f3685d54dd4db31f9622f7a  mes5/i586/ntp-client-4.2.4-18.5mdvmes5.i586.rpm
 5abb771d456b4094d123c5cf24701aee  mes5/i586/ntp-doc-4.2.4-18.5mdvmes5.i586.rpm 
 086a05988392a6602c023f4e453bcc32  mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm

2008.0 i586

 7377623e9f89c5f6f6cc7af577974458  2008.0/i586/ntp-4.2.4-10.3mdv2008.0.i586.rpm
 977fdaf289c9eff53fb6d563b8a60ede  2008.0/i586/ntp-client-4.2.4-10.3mdv2008.0.i586.rpm
 e2701dc192a578b141f9408d355522b6  2008.0/i586/ntp-doc-4.2.4-10.3mdv2008.0.i586.rpm 
 167e3a9dbf1bd10fd576e6a91a2cbc10  2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm

2009.1 x86_64

 e88121b38c942c572b61ba7631130104  2009.1/x86_64/ntp-4.2.4-22.3mdv2009.1.x86_64.rpm
 c10eaf7ecbeb3b5db5eac978cb2ae78e  2009.1/x86_64/ntp-client-4.2.4-22.3mdv2009.1.x86_64.rpm
 8ff34e79ed1f88fa2e7b7e8030232a30  2009.1/x86_64/ntp-doc-4.2.4-22.3mdv2009.1.x86_64.rpm 
 e2686dd1237f529bb08f2837052fb46f  2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm

CS4.0 i586

 a2f5a598865d390f7c537fc9e1a9a758  corporate/4.0/i586/ntp-4.2.0-21.7.20060mlcs4.i586.rpm
 f7eb3884bc0aa71f8237d9500d24489e  corporate/4.0/i586/ntp-client-4.2.0-21.7.20060mlcs4.i586.rpm 
 d2ed46d981570f66763f85c822b14179  corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm

MES5 x86_64

 9b40b186bf9ebeb70c1350f9a158ac92  mes5/x86_64/ntp-4.2.4-18.5mdvmes5.x86_64.rpm
 f4a42229dc9b408b04f0c83aa3a25720  mes5/x86_64/ntp-client-4.2.4-18.5mdvmes5.x86_64.rpm
 2022447e5d9dbf6ee1a6e594935b1d04  mes5/x86_64/ntp-doc-4.2.4-18.5mdvmes5.x86_64.rpm 
 086a05988392a6602c023f4e453bcc32  mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm

Referências