2009年5月19日

[installer 1938] ntp-4.2.4p7

ntp-4.2.4p7 出ています。

セキュリティホールの修正が含まれています。
http://www.kb.cert.org/vuls/id/853097
参照のこと。

☆ ntp-4.2.4p7
http://www.ntp.org/

ftp://ftp.udel.edu/pub/ntp/ntp4/ntp-4.2/ntp-4.2.4p7.tar.gz
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.4p7.tar.gz

NTP 4.2.4p7 (Harlan Stenn <stenn@xxxxx>, 2009/05/04)

Focus: Security and Bug Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252

See http://support.ntp.org/security for more information.

If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
line) then a carefully crafted packet sent to the machine will cause
a buffer overflow and possible execution of injected code, running
with the privileges of the ntpd process (often root).

Credit for finding this vulnerability goes to Chris Ries of CMU.

This release fixes the following low-severity vulnerabilities:

* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
Credit for finding this vulnerability goes to Geoff Keating of Apple.

* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
Credit for finding this issue goes to Dave Hart.

This release fixes a number of bugs and adds some improvements:

* Improved logging
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris

THIS IS A STRONGLY RECOMMENDED UPGRADE.

----
こがよういちろう


投稿者 xml-rpc : 2009年5月19日 15:02
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/85217
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。