Alert GCSA-15047 - Vulnerabilita' in NTP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15047
Data: 27 Ottobre 2015
Titolo: Vulnerabilita' in NTP
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in NTP che potrebbero
essere sfruttate da un aggressore remoto per visualizzare file,
oltrepassare restrizioni di autenticazione, modificare l'ora
e provocare una condizione di denial of service sul sistema target.
Attualmente sembra non sia stato ancora pubblicato alcun exploit.
Per una descrizione completa delle vulnerabilita' si rimanda alla sezione "Riferimenti".
:: Software interessato
Versioni di NTP precedenti alla 4.2.8p4
:: Impatto
Denial of service via network
Rivelazione e modifica di informazioni utente e di sistema
:: Soluzioni
Aggiornare NTP alla versione 4.2.8p4
http://www.ntp.org/downloads.html
:: Riferimenti
NTP.org
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
SecurityTracker
http://www.securitytracker.com/id/1033951
NetworkTimeFoundation
http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFWL4EZwZxMk2USYEIRAmGJAJ93KFTqR3PARWbruMocmam4swY2BACeOEpL
qGf0ntP4as2hzHQcY5wDyus=
=jLe+
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-15047
Data: 27 Ottobre 2015
Titolo: Vulnerabilita' in NTP
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in NTP che potrebbero
essere sfruttate da un aggressore remoto per visualizzare file,
oltrepassare restrizioni di autenticazione, modificare l'ora
e provocare una condizione di denial of service sul sistema target.
Attualmente sembra non sia stato ancora pubblicato alcun exploit.
Per una descrizione completa delle vulnerabilita' si rimanda alla sezione "Riferimenti".
:: Software interessato
Versioni di NTP precedenti alla 4.2.8p4
:: Impatto
Denial of service via network
Rivelazione e modifica di informazioni utente e di sistema
:: Soluzioni
Aggiornare NTP alla versione 4.2.8p4
http://www.ntp.org/downloads.html
:: Riferimenti
NTP.org
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
SecurityTracker
http://www.securitytracker.com/id/1033951
NetworkTimeFoundation
http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFWL4EZwZxMk2USYEIRAmGJAJ93KFTqR3PARWbruMocmam4swY2BACeOEpL
qGf0ntP4as2hzHQcY5wDyus=
=jLe+
-----END PGP SIGNATURE-----