ntp 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1246385252
업데이트 : 2009.07.01
상세내용
- 보안버그 수정 사항
. CVE-2009-0159
A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq or, potentially, execute arbitrary code with
the privileges of the user running the ntpq command.
. CVE-2009-1252
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key cryptography
for NTP packet authentication, a remote attacker could use this flaw to
send a specially-crafted request packet that could crash ntpd or,
potentially, execute arbitrary code with the privileges of the "ntp" user.
Autoupdates 지원 : 지원
- 업데이트 후에 service ntpd restart 명령으로 데몬 재시작 해 주십시오.
update 패키지
RPMS :
. ntp-4.2.0a-8.2.i686.rpm
SRPMS :
. ntp-4.2.0a-8.2.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
|