Bulletin d'alerte Debian
DSA-801-1 ntp -- Erreur de programmation
- Date du rapport :
- 5 septembre 2005
- Paquets concernés :
- ntp
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le dictionnaire CVE du Mitre : CVE-2005-2496.
- Plus de précisions :
-
Des développeurs de SuSE ont découvert que ntp confondait l'identifiant de groupe fourni avec celui de l'utilisateur exécutant la commande, lorsqu'un identifiant de groupe était indiqué en ligne de commande sous forme de chaîne de caractère et non sous forme numérique, ce qui pouvait mener à l'exécution de ntpd avec d'autres droits que ceux attendus.
L'ancienne distribution stable (Woody) n'est pas touchée par ce problème.
Pour l'actuelle distribution stable (Sarge), ce problème a été corrigé dans la version 4.2.0a+stable-2sarge1.
La distribution instable (Sid) n'est pas touchée par ce problème.
Nous vous recommandons de mettre à jour votre paquet ntp-server.
- Corrigé dans :
-
Debian GNU/Linux 3.1 (sarge)
- Source :
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.dsc
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.diff.gz
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.diff.gz
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.0a+stable-2sarge1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_arm.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_arm.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_arm.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_arm.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_arm.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mips.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mips.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mips.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mips.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mips.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.