Debians sikkerhedsbulletin

DSA-801-1 ntp -- programmeringsfejl

Rapporteret den:

5. sep 2005

Berørte pakker:

ntp

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-2496.

Yderligere oplysninger:

SuSE-udviklere har opdaget at ntp forveksle den angivne gruppeid med gruppeid'en hørende til den pågældende bruger, når gruppeid'en angives på kommandolinjen er specifieres som en streng og ikke som en numerisk gid, hvilket medfører at ntpd kører med andre rettigheder end ønsket.

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

I den stabile distribution (sarge) er dette problem rettet i version 4.2.0a+stable-2sarge1.

Den ustabile distribution (sid) er ikke påvirket af dette problem.

Vi anbefaler at du opgraderer din ntp-server-pakke.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.dsc; http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.diff.gz; http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.0a+stable-2sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français svenska

Sådan opsætter du standardsprogvalg for dokumenter

For at rapportere et problem med webstedet sendes en e-mail på engelsk til debian-www@lists.debian.org. Se Debians kontaktside for andre kontaktoplysninger.

Senest opdateret: Fre 4. jul 2008 kl. 19.41.45 UTC
Ophavsretsbeskyttet © 2005-2008 SPI; Se licensbetingelserne
Debian er et registreret varemærke tilhørende Software in the Public Interest, Inc.