ID: CVE-2018-7170
Type: cve
Reporter: cve@mitre.org
Modified: 2020-06-18T14:01:00
Description
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
{"f5": [{"lastseen": "2019-09-30T20:28:25", "bulletinFamily": "software", "cvelist": ["CVE-2018-7170", "CVE-2016-1549"], "description": "\nF5 Product Development has assigned ID 710387 (BIG-IP), ID 710554 (BIG-IQ), and ID 710553 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H82570157 on the **Diagnostics** > **Identified** > **Low** page. \n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | 13.1.0 \n13.0.0 | None | Low | [3.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N>) | NTP configured to use symmetric keys \n12.x | 12.1.0 - 12.1.3 | None \n11.x | 11.6.3 \n11.5.1 - 11.5.5 \n11.2.1 | None \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [3.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N>) | NTP configured to use symmetric keys \nBIG-IQ Centralized Management | 5.x | 5.0.0 - 5.4.0 | None | Low | [3.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N>) | NTP configured to use symmetric keys \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Low | [3.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N>) | NTP configured to 
use symmetric keys \nF5 iWorkflow | 2.x | 2.0.1 - 2.3.0 | None | Low | [3.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N>) | NTP configured to use symmetric keys \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Note**: For details about how Security Advisory articles are versioned, and what versions are listed in the table, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\n \nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-03-28T00:39:00", "published": "2018-03-19T19:32:00", "id": "F5:K82570157", "href": "https://support.f5.com/csp/article/K82570157", "title": "NTP 
vulnerability CVE-2018-7170", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-09-25T13:00:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7170"], "description": "The host is running NTP.org", "modified": "2019-09-24T00:00:00", "published": "2018-03-07T00:00:00", "id": "OPENVAS:1361412562310812793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812793", "type": "openvas", "title": "NTP.org 'ntpd' Authenticated Symmetric Passive Peering Remote Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# NTP Authenticated Symmetric Passive Peering Remote Vulnerability\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ntp:ntp\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812793\");\n script_version(\"2019-09-24T10:41:39+0000\");\n script_cve_id(\"CVE-2018-7170\");\n script_bugtraq_id(103194);\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-09-24 10:41:39 +0000 (Tue, 24 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-07 12:17:55 +0530 (Wed, 07 Mar 2018)\");\n script_name(\"NTP.org 'ntpd' Authenticated Symmetric Passive Peering Remote Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ntp_detect_lin.nasl\");\n script_mandatory_keys(\"ntpd/version/detected\");\n\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3454\");\n\n script_tag(name:\"summary\", value:\"The host is running NTP.org's reference implementation\n of NTP server, ntpd and is prone to a remote security vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exist due to if a system is\n set up to use a trustedkey and if one is not using the feature introduced in\n ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify\n which IPs can serve time.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain security restrictions and perform 
some unauthorized\n actions to the application. This may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"NTP.org's ntpd version 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to NTP.org's ntpd version 4.2.8p7 or 4.2.8p11\n or 4.3.92.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_full(cpe:CPE, port:port))\n exit(0);\n\nif(!version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif(version =~ \"^4\\.2\") {\n if(revcomp(a:version, b:\"4.2.8p7\") < 0) {\n fix = \"4.2.8p7 or 4.2.8p11\";\n }\n}\nelse if(version =~ \"^4\\.3\") {\n if(revcomp(a:version, b:\"4.3.92\") < 0) {\n fix = \"4.3.92 or 4.2.8p11\";\n }\n}\n\nif(fix) {\n report = report_fixed_ver(installed_version:version, fixed_version:fix, install_path:location);\n security_message(port:port, proto:proto, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-01-31T17:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852021", "type": "openvas", "title": "openSUSE: Security Advisory for ntp (openSUSE-SU-2018:3438-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free 
software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852021\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:35:00 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for ntp (openSUSE-SU-2018:3438-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3438-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00064.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the openSUSE-SU-2018:3438-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for NTP to version 4.2.8p12 fixes the following\n vulnerabilities (bsc#1111853):\n\n - CVE-2018-12327: Fixed stack buffer overflow in the openhost()\n command-line call of NTPQ/NTPDC. (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\n association time spoofing additional protection (bsc#1083424)\n\n more information.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1280=1\");\n\n script_tag(name:\"affected\", value:\"ntp on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.8p12~31.6.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.8p12~31.6.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debugsource\", rpm:\"ntp-debugsource~4.2.8p12~31.6.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.8p12~31.6.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", 
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852083", "type": "openvas", "title": "openSUSE: Security Advisory for ntp (openSUSE-SU-2018:3452-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852083\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:42:59 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for ntp (openSUSE-SU-2018:3452-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3452-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00069.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the openSUSE-SU-2018:3452-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NTP was updated to 4.2.8p12 (bsc#1111853):\n\n - CVE-2018-12327: Fixed stack buffer overflow in the openhost()\n command-line call of NTPQ/NTPDC. 
(bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\n association time spoofing additional protection (bsc#1083424)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1275=1\");\n\n script_tag(name:\"affected\", value:\"ntp on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.8p12~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.8p12~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debugsource\", rpm:\"ntp-debugsource~4.2.8p12~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.8p12~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", 
"published": "2018-08-30T00:00:00", "id": "OPENVAS:1361412562310875015", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875015", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2018-e585e25b72", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e585e25b72_ntp_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ntp FEDORA-2018-e585e25b72\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875015\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-30 07:28:10 +0200 (Thu, 30 Aug 2018)\");\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2018-e585e25b72\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e585e25b72\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/437XM4CMBCMPK7D2RSEUZIRLFZD5ZNRD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.8p12~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8936", "CVE-2018-12327", "CVE-2018-7170"], "description": "The remote host is missing an update for\n the ", "modified": "2019-04-07T00:00:00", "published": "2019-04-07T00:00:00", "id": "OPENVAS:1361412562310875556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875556", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2019-694e3aa4e8", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875556\");\n script_version(\"2019-04-07T02:08:25+0000\");\n script_cve_id(\"CVE-2019-8936\", \"CVE-2018-12327\", \"CVE-2018-7170\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-07 02:08:25 +0000 (Sun, 07 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-07 02:08:25 +0000 (Sun, 07 Apr 2019)\");\n script_name(\"Fedora Update for ntp FEDORA-2019-694e3aa4e8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-694e3aa4e8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'ntp' package(s) announced via the FEDORA-2019-694e3aa4e8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to\n synchronize a computer', s time with another reference time source. 
This\n package includes ntpd (a daemon which continuously adjusts system time) and\n utilities used to query and configure the ntpd daemon.\n\nPerl scripts are in the ntp-perl package, ntpdate is in the ntpdate\npackage and sntp is in the sntp package. The documentation in HTML\nformat is in the ntp-doc package.\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.8p13~1.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7184", "CVE-2018-7185", "CVE-2018-7183", "CVE-2018-7170", "CVE-2016-1549", "CVE-2018-7182"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-28T00:00:00", "id": "OPENVAS:1361412562310874283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874283", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2018-de113aeac6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_de113aeac6_ntp_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ntp FEDORA-2018-de113aeac6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874283\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-28 08:57:55 +0200 (Wed, 28 Mar 2018)\");\n script_cve_id(\"CVE-2016-1549\", \"CVE-2018-7170\", \"CVE-2018-7182\", \"CVE-2018-7183\",\n \"CVE-2018-7184\", \"CVE-2018-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2018-de113aeac6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-de113aeac6\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAWSWGYT4BYAU6JMQXZOD22NFWPCVJQP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.8p11~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7184", "CVE-2018-7185", "CVE-2018-7183", "CVE-2018-12327", "CVE-2018-7170", "CVE-2016-1549", "CVE-2018-7182"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-27T00:00:00", "id": "OPENVAS:1361412562310875100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875100", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2018-7051d682fa", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7051d682fa_ntp_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ntp FEDORA-2018-7051d682fa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875100\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-27 08:45:54 +0200 (Thu, 27 Sep 2018)\");\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\", \"CVE-2016-1549\", \"CVE-2018-7182\",\n \"CVE-2018-7183\", \"CVE-2018-7184\", \"CVE-2018-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2018-7051d682fa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7051d682fa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEPFU3UKOCOC2AUNLFMW6VQI3EN47FB6\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.8p12~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-10-25T20:31:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "description": "NTP was updated to 4.2.8p12 (bsc#1111853):\n\n - CVE-2018-12327: Fixed stack buffer overflow in the openhost()\n command-line call of NTPQ/NTPDC. 
(bsc#1098531)\n - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\n association time spoofing additional protection (bsc#1083424)\n\n Please also see\n https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for\n more information.\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-25T18:21:54", "published": "2018-10-25T18:21:54", "id": "OPENSUSE-SU-2018:3452-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00069.html", "title": "Security update for ntp (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-25T20:31:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "description": "This update for NTP to version 4.2.8p12 fixes the following\n vulnerabilities (bsc#1111853):\n\n - CVE-2018-12327: Fixed stack buffer overflow in the openhost()\n command-line call of NTPQ/NTPDC. 
(bsc#1098531)\n - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\n association time spoofing additional protection (bsc#1083424)\n\n Please also see\n https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for\n more information.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2018-10-25T18:10:27", "published": "2018-10-25T18:10:27", "id": "OPENSUSE-SU-2018:3438-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00064.html", "title": "Security update for ntp (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation in HTML format is in the ntp-doc package. ", "modified": "2018-08-30T04:57:33", "published": "2018-08-30T04:57:33", "id": "FEDORA:D00D36075DA4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: ntp-4.2.8p12-1.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12327", "CVE-2018-7170", "CVE-2019-8936"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. 
This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation in HTML format is in the ntp-doc package. ", "modified": "2019-04-07T01:47:38", "published": "2019-04-07T01:47:38", "id": "FEDORA:B6F06606E5A6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: ntp-4.2.8p13-1.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1549", "CVE-2018-7170", "CVE-2018-7182", "CVE-2018-7183", "CVE-2018-7184", "CVE-2018-7185"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation in HTML format is in the ntp-doc package. ", "modified": "2018-03-27T20:16:30", "published": "2018-03-27T20:16:30", "id": "FEDORA:8746560A764C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: ntp-4.2.8p11-1.fc27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1549", "CVE-2018-7170", "CVE-2018-7182", "CVE-2018-7183", "CVE-2018-7184", "CVE-2018-7185"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. 
The documentation in HTML format is in the ntp-doc package. ", "modified": "2018-03-27T19:30:28", "published": "2018-03-27T19:30:28", "id": "FEDORA:D24F26076D26", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: ntp-4.2.8p11-1.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1549", "CVE-2018-12327", "CVE-2018-7170", "CVE-2018-7182", "CVE-2018-7183", "CVE-2018-7184", "CVE-2018-7185"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation in HTML format is in the ntp-doc package. ", "modified": "2018-09-26T20:17:54", "published": "2018-09-26T20:17:54", "id": "FEDORA:B80B9607548F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: ntp-4.2.8p12-1.fc27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-14T06:15:55", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. (bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-24T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:3342-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2018-10-24T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ntp-doc", "p-cpe:/a:novell:suse_linux:ntp-debugsource", "p-cpe:/a:novell:suse_linux:ntp-debuginfo", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2018-3342-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3342-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118352);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:3342-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. 
(bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7170/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183342-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbc7b36f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-2404=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2404=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2404=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper 
in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2404=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-2404=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-2404=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2404=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2404=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2018/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debuginfo-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debugsource-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-doc-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ntp-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ntp-debuginfo-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ntp-debugsource-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ntp-doc-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ntp-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ntp-debuginfo-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ntp-debugsource-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ntp-doc-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ntp-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p12-64.8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p12-64.8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:56:35", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. (bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-24T00:00:00", "title": "SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3352-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2018-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ntp-doc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2018-3352-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3352-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118356);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3352-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. (bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7170/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183352-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8d42a4b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed 
for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ntp-13832=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ntp-13832=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ntp-4.2.8p12-64.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ntp-doc-4.2.8p12-64.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:56:36", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. (bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-24T00:00:00", "title": "SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2018-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ntp-doc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2018-3356-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3356-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118357);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. 
(bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7170/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183356-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddd0ce9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-ntp-13833=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-ntp-13833=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-ntp-13833=1\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"ntp-4.2.8p12-48.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"ntp-doc-4.2.8p12-48.21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:34:32", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\n - CVE-2018-12327: Fixed stack-based buffer overflow in the\n openhost() command-line call of NTPQ/NTPDC.\n (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for\n the ephemeral association time spoofing additional\n protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "title": "openSUSE Security Update : ntp (openSUSE-2018-1275)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], 
"modified": "2018-10-26T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:ntp-debuginfo", "p-cpe:/a:novell:opensuse:ntp-debugsource", "p-cpe:/a:novell:opensuse:ntp"], "id": "OPENSUSE-2018-1275.NASL", "href": "https://www.tenable.com/plugins/nessus/118445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1275.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118445);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2018-1275)\");\n script_summary(english:\"Check for the openSUSE-2018-1275 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\n - CVE-2018-12327: Fixed stack-based buffer overflow in the\n openhost() command-line call of NTPQ/NTPDC.\n (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for\n the ephemeral association time spoofing additional\n protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ntp-4.2.8p12-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ntp-debuginfo-4.2.8p12-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ntp-debugsource-4.2.8p12-lp150.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:34:36", "description": "This update for NTP to version 4.2.8p12 fixes the following\nvulnerabilities (bsc#1111853) :\n\n - CVE-2018-12327: Fixed stack-based buffer overflow in the\n openhost() command-line call of NTPQ/NTPDC.\n (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for\n the ephemeral association time spoofing 
additional\n protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "title": "openSUSE Security Update : ntp (openSUSE-2018-1280)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2018-10-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ntp-debuginfo", "p-cpe:/a:novell:opensuse:ntp-debugsource", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:ntp"], "id": "OPENSUSE-2018-1280.NASL", "href": "https://www.tenable.com/plugins/nessus/118450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1280.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118450);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2018-1280)\");\n script_summary(english:\"Check for the openSUSE-2018-1280 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for NTP to version 4.2.8p12 fixes the following\nvulnerabilities (bsc#1111853) :\n\n - CVE-2018-12327: Fixed stack-based buffer overflow in the\n openhost() command-line call of NTPQ/NTPDC.\n (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for\n the ephemeral association 
time spoofing additional\n protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ntp-4.2.8p12-31.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ntp-debuginfo-4.2.8p12-31.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ntp-debugsource-4.2.8p12-31.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:54:20", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\n - CVE-2018-12327: Fixed stack-based buffer overflow in the\n openhost() command-line call of NTPQ/NTPDC.\n (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for\n the ephemeral association time spoofing additional\n 
protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : ntp (openSUSE-2019-856)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2019-03-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:ntp-debuginfo", "p-cpe:/a:novell:opensuse:ntp-debugsource", "p-cpe:/a:novell:opensuse:ntp"], "id": "OPENSUSE-2019-856.NASL", "href": "https://www.tenable.com/plugins/nessus/123357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-856.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123357);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2019-856)\");\n script_summary(english:\"Check for the openSUSE-2019-856 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\n - CVE-2018-12327: Fixed stack-based buffer overflow in the\n openhost() command-line call of NTPQ/NTPDC.\n (bsc#1098531)\n\n - CVE-2018-7170: Add further tweaks to improve the fix for\n the ephemeral association time spoofing additional\n protection (bsc#1083424)\n\nPlease also 
see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ntp-4.2.8p12-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ntp-debuginfo-4.2.8p12-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ntp-debugsource-4.2.8p12-lp150.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T06:57:51", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. 
(bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLES15 Security Update : ntp (SUSE-SU-2018:3386-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ntp-debugsource", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:ntp-debuginfo", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2018-3386-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120143", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3386-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120143);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"SUSE SLES15 Security Update : ntp (SUSE-SU-2018:3386-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the 
openhost()\ncommand-line call of NTPQ/NTPDC. (bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7170/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183386-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53704a46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2018-2431=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"ntp-4.2.8p12-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"ntp-debuginfo-4.2.8p12-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"ntp-debugsource-4.2.8p12-4.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T06:57:49", "description": "NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. (bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-24T00:00:00", "title": "SUSE SLES12 Security Update : ntp (SUSE-SU-2018:3351-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ntp-doc", "p-cpe:/a:novell:suse_linux:ntp-debugsource", "p-cpe:/a:novell:suse_linux:ntp-debuginfo", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2018-3351-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3351-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118355);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n\n script_name(english:\"SUSE SLES12 Security Update : ntp (SUSE-SU-2018:3351-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to 4.2.8p12 (bsc#1111853) :\n\nCVE-2018-12327: Fixed stack-based buffer overflow in the openhost()\ncommand-line call of NTPQ/NTPDC. 
(bsc#1098531)\n\nCVE-2018-7170: Add further tweaks to improve the fix for the ephemeral\nassociation time spoofing additional protection (bsc#1083424)\n\nPlease also see\nhttps://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\nfor more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7170/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183351-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b722507\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-2399=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-4.2.8p12-46.29.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-debuginfo-4.2.8p12-46.29.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-debugsource-4.2.8p12-46.29.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-doc-4.2.8p12-46.29.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:22:03", "description": "Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : ntp (2018-e585e25b72)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170"], 
"modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-E585E25B72.NASL", "href": "https://www.tenable.com/plugins/nessus/120864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-e585e25b72.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120864);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n script_xref(name:\"FEDORA\", value:\"2018-e585e25b72\");\n\n script_name(english:\"Fedora 28 : ntp (2018-e585e25b72)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e585e25b72\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"ntp-4.2.8p12-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:23:11", "description": "ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know\nthe private symmetric key to create arbitrarily-many ephemeral\nassociations in order to win the clock selection of ntpd and modify a\nvictim's clock via a Sybil attack. 
This issue exists because of an\nincomplete fix for CVE-2016-1549 .(CVE-2018-7170)\n\nThe ntpq and ntpdc command-line utilities that are part of ntp package\nare vulnerable to stack-based buffer overflow via crafted hostname.\nApplications using these vulnerable utilities with an untrusted input\nmay be potentially exploited, resulting in a crash or arbitrary code\nexecution under privileges of that application.(CVE-2018-12327)", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-20T00:00:00", "title": "Amazon Linux AMI : ntp (ALAS-2018-1083)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12327", "CVE-2018-7170", "CVE-2016-1549"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntpdate", "p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/117607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1083.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117607);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-12327\", \"CVE-2018-7170\");\n script_xref(name:\"ALAS\", value:\"2018-1083\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2018-1083)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know\nthe private symmetric key to create arbitrarily-many ephemeral\nassociations in order 
to win the clock selection of ntpd and modify a\nvictim's clock via a Sybil attack. This issue exists because of an\nincomplete fix for CVE-2016-1549 .(CVE-2018-7170)\n\nThe ntpq and ntpdc command-line utilities that are part of ntp package\nare vulnerable to stack-based buffer overflow via crafted hostname.\nApplications using these vulnerable utilities with an untrusted input\nmay be potentially exploited, resulting in a crash or arbitrary code\nexecution under privileges of that application.(CVE-2018-12327)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1083.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.8p12-1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.8p12-1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.8p12-1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.8p12-1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.8p12-1.39.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "aix": [{"lastseen": "2019-05-29T19:19:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12327", 
"CVE-2018-7170"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Dec 14 12:20:13 CST 2018\n\nThe most recent version of this document is available here:\nhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc\n\nSecurity Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, \n CVE-2018-7170)\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in NTPv4 that affect AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n NTPv4 is vulnerable to:\n\n CVEID: CVE-2018-12327\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327\n DESCRIPTION: NTP is vulnerable to a stack-based buffer overflow, caused \n by improper bounds checking by ntpq and ntpdc. By sending an overly \n long string argument, a local attacker could overflow a buffer and \n execute arbitrary code on the system with elevated privileges or \n cause the application to crash.\n CVSS Base Score: 5.9\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/145120\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n CVEID: CVE-2018-7170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n DESCRIPTION: NTP could allow a remote authenticated attacker to bypass \n security restrictions, caused by a Sybil attack. By creating many \n ephemeral associations, an attacker could exploit this vulnerability \n to win the clock selection of ntpd and modify a victim's clock. 
\n CVSS Base Score: 3.1\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/139786\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 6.1, 7.1, 7.2\n VIOS 2.2.x \n\n The vulnerabilities in the following filesets are being addressed:\n \n key_fileset = aix\n\n For NTPv4:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S)\n ---------------------------------------------------------------------\n ntp.rte 7.4.2.8100 7.4.2.8110 key_w_fs NTPv4\n\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i ntp.rte\n\n\n REMEDIATION:\n\n FIXES\n\n AIX and VIOS fixes are available.\n\n The AIX/VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix11.tar\n http://aix.software.ibm.com/aix/efixes/security/ntp_fix11.tar\n https://aix.software.ibm.com/aix/efixes/security/ntp_fix11.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. 
This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n For NTPv4:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.x IJ10280s3b.181206.epkg.Z key_w_fix NTPv4\n 7.1.x IJ10280s3b.181206.epkg.Z key_w_fix NTPv4\n 7.2.x IJ10280s3b.181206.epkg.Z key_w_fix NTPv4\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.x IJ10280s3b.181206.epkg.Z key_w_fix NTPv4\n\n To extract the fixes from the tar file:\n\n tar xvf ntp_fix11.tar \n cd ntp_fix11\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 000891c62f5e59c34909399d0ef4c74c72048a4fc1e7e50b66dedaa4fcf0ee87 IJ10280s3b.181206.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc.sig \n\n FIX AND INTERIM FIX INSTALLATION\n\n If possible, it is recommended that a mksysb backup of the system \n be created. 
Verify it is both bootable and readable before\n proceeding.\n\n The fix will not take effect until any running xntpd servers\n have been stopped and restarted with the following commands:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n After installation the ntp daemon must be restarted:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n 
ftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327,\n CVE-2018-7170)\n https://www-01.ibm.com/support/docview.wss?uid=ibm10744497\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Fri Dec 14 12:20:13 CST 2018\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n", "edition": 3, "modified": "2018-12-14T12:20:13", "published": "2018-12-14T12:20:13", "id": "NTP_ADVISORY11.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp_advisory11.asc", "title": "There are vulnerabilities in NTPv4 that affect AIX.", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T00:52:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7184", "CVE-2018-7185", "CVE-2018-7183", "CVE-2014-5209", "CVE-2018-7170", "CVE-2016-1549", "CVE-2018-7182"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue Aug 14 14:48:57 CDT 2018\n\nThe most recent version of this document is available here:\nhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc\n\nSecurity Bulletin: Vulnerabilities in NTP affect AIX\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in NTPv3 and NTPv4 that affect AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n NTPv3 is vulnerable to:\n\n CVEID: CVE-2014-5209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5209\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5209\n DESCRIPTION: NTP could allow a remote attacker to obtain sensitive \n information. 
By sending a GET_RESTRICT control message, an attacker \n could exploit this vulnerability to obtain internal or alternative \n IP addresses and other sensitive information.\n CVSS Base Score: 5.0\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/95841\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n NTPv3 and NTPv4 are vulnerable to:\n\n CVEID: CVE-2018-7182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n DESCRIPTION: NTP could allow a remote attacker to obtain sensitive \n information, caused by a leak in the ctl_getitem() function. By \n sending a specially crafted mode 6 packet, an attacker could exploit \n this vulnerability to read past the end of its buffer.\n CVSS Base Score: 5.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/139785\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n CVEID: CVE-2018-7183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183\n DESCRIPTION: NTP is vulnerable to a buffer overflow, caused by improper \n bounds checking by the decodearr function. 
By leveraging an ntpq \n query and sending a response with a crafted array, a remote attacker \n could overflow a buffer and execute arbitrary code on the system or \n cause the application to crash.\n CVSS Base Score: 5.6\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/140092\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n NTPv4 is vulnerable to:\n\n CVEID: CVE-2018-7170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n DESCRIPTION: NTP could allow a remote authenticated attacker to bypass \n security restrictions, caused by a Sybil attack. By creating many \n ephemeral associations, an attacker could exploit this vulnerability \n to win the clock selection of ntpd and modify a victim's clock. \n CVSS Base Score: 3.1\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/139786\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n CVEID: CVE-2018-7184\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n DESCRIPTION: NTP is vulnerable to a denial of service, caused by the \n failure of the interleaved symmetric mode to recover from bad state. 
\n By sending specially crafted packets, a remote authenticated \n attacker could exploit this vulnerability to cause a denial of \n service.\n CVSS Base Score: 3.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/139784\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2018-7185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n DESCRIPTION: NTP is vulnerable to a denial of service. By sending \n specially crafted packets, a remote authenticated attacker could \n exploit this vulnerability to reset authenticated interleaved \n association.\n CVSS Base Score: 3.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/139783\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n DESCRIPTION: NTP could allow a remote authenticated attacker to \n bypass security restrictions, caused by the failure to prevent \n Sybil attacks from authenticated peers. 
By creating multiple \n ephemeral associations to win the clock selection of ntpd, an \n attacker could exploit this vulnerability to modify a victim's \n clock.\n CVSS Base Score: 5.3 \n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112741 \n for the current score \n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x \n\n The vulnerabilities in the following filesets are being addressed:\n \n key_fileset = aix\n\n For NTPv3:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S) \n ---------------------------------------------------------------------\n bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs NTPv3\n bos.net.tcp.client 6.1.9.0 6.1.9.315 key_w_fs NTPv3\n bos.net.tcp.client 7.1.4.0 7.1.4.33 key_w_fs NTPv3\n bos.net.tcp.client 7.1.5.0 7.1.5.15 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.0.0 7.2.0.4 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.1.0 7.2.1.2 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.2.0 7.2.2.15 key_w_fs NTPv3\n\n For NTPv4:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S)\n ---------------------------------------------------------------------\n ntp.rte 7.4.2.8100 7.4.2.8100 key_w_fs NTPv4 \n\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.client\n\n\n REMEDIATION:\n\n A. 
APARS\n \n IBM has assigned the following APARs to this problem:\n\n For NTPv3:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 5.3.12 IJ06657 ** N/A key_w_apar NTPv3\n 6.1.9 IJ06651 ** SP12 key_w_apar NTPv3\n 7.1.4 IJ06652 ** SP7 key_w_apar NTPv3\n 7.1.5 IJ06653 ** SP3 key_w_apar NTPv3\n 7.2.0 IJ06654 ** N/A key_w_apar NTPv3\n 7.2.1 IJ06655 ** SP5 key_w_apar NTPv3\n 7.2.2 IJ06656 ** SP3 key_w_apar NTPv3\n\n VIOS Level APAR Availability SP KEY PRODUCT(S)\n ----------------------------------------------------------------\n 2.2.4 IJ06651 ** N/A key_w_apar NTPv3\n 2.2.5 IJ06651 ** 2.2.5.50 key_w_apar NTPv3\n 2.2.6 IJ06651 ** 2.2.6.30 key_w_apar NTPv3\n\n For NTPv4:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 6.1.9 IJ06400 ** SP12 key_w_apar NTPv4\n 7.1.4 IJ06400 ** SP7 key_w_apar NTPv4\n 7.1.5 IJ06400 ** SP3 key_w_apar NTPv4\n 7.2.0 IJ06400 ** N/A key_w_apar NTPv4\n 7.2.1 IJ06400 ** SP5 key_w_apar NTPv4\n 7.2.2 IJ06400 ** SP3 key_w_apar NTPv4\n\n VIOS Level APAR Availability SP KEY PRODUCT(S)\n ----------------------------------------------------------------\n 2.2.4 IJ06400 ** N/A key_w_apar NTPv4\n 2.2.5 IJ06400 ** 2.2.5.50 key_w_apar NTPv4\n 2.2.6 IJ06400 ** 2.2.6.30 key_w_apar NTPv4\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06400\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06651\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06652\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06653\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06654\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06655\n http://www.ibm.com/support/docview.wss?uid=isg1IJ06656\n\n https://www.ibm.com/support/docview.wss?uid=isg1IJ06400\n https://www.ibm.com/support/docview.wss?uid=isg1IJ06651\n https://www.ibm.com/support/docview.wss?uid=isg1IJ06652\n 
https://www.ibm.com/support/docview.wss?uid=isg1IJ06653\n https://www.ibm.com/support/docview.wss?uid=isg1IJ06654\n https://www.ibm.com/support/docview.wss?uid=isg1IJ06655\n https://www.ibm.com/support/docview.wss?uid=isg1IJ06656\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n AIX and VIOS fixes are available.\n\n The AIX/VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix10.tar\n http://aix.software.ibm.com/aix/efixes/security/ntp_fix10.tar\n https://aix.software.ibm.com/aix/efixes/security/ntp_fix10.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n For NTPv3:\n \n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 5.3.12.9 IJ06657m9a.180529.epkg.Z key_w_fix NTPv3\n 6.1.9.9 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 6.1.9.10 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 6.1.9.11 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 7.1.4.4 IJ06652m4a.180528.epkg.Z key_w_fix NTPv3\n 7.1.4.5 IJ06652m4a.180528.epkg.Z key_w_fix NTPv3\n 7.1.4.6 IJ06652m4a.180528.epkg.Z key_w_fix NTPv3\n 7.1.5.0 IJ06653m0a.180527.epkg.Z key_w_fix NTPv3\n 7.1.5.1 IJ06653m0a.180527.epkg.Z key_w_fix NTPv3\n 7.1.5.2 IJ06653m0a.180527.epkg.Z key_w_fix NTPv3\n 7.2.0.4 IJ06654m4a.180527.epkg.Z key_w_fix NTPv3\n 7.2.0.5 IJ06654m4a.180527.epkg.Z key_w_fix NTPv3\n 7.2.0.6 IJ06654m4a.180527.epkg.Z key_w_fix NTPv3\n 7.2.1.2 IJ06655m2a.180527.epkg.Z key_w_fix NTPv3\n 7.2.1.3 IJ06655m2a.180527.epkg.Z key_w_fix NTPv3\n 7.2.1.4 IJ06655m2a.180527.epkg.Z key_w_fix NTPv3\n 7.2.2.0 IJ06656m0a.180527.epkg.Z key_w_fix NTPv3\n 7.2.2.1 IJ06656m0a.180527.epkg.Z key_w_fix 
NTPv3\n 7.2.2.2 IJ06656m0a.180527.epkg.Z key_w_fix NTPv3\n\n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.2.2.2 is AIX 7200-02-02.\n\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.4.40 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.4.50 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.4.60 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.5.20 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.5.30 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.5.40 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.6.0 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.6.10 IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n 2.2.6.2x IJ06651m9a.180528.epkg.Z key_w_fix NTPv3\n\n\n For NTPv4:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.x IJ06400s9a.180514.epkg.Z key_w_fix NTPv4\n 7.1.x IJ06400s9a.180514.epkg.Z key_w_fix NTPv4\n 7.2.x IJ06400s9a.180514.epkg.Z key_w_fix NTPv4\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.x IJ06400s9a.180514.epkg.Z key_w_fix NTPv4\n\n To extract the fixes from the tar file:\n\n tar xvf ntp_fix10.tar \n cd ntp_fix10\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n 
These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n If possible, it is recommended that a mksysb backup of the system \n be created. 
Verify it is both bootable and readable before\n proceeding.\n\n The fix will not take effect until any running xntpd servers\n have been stopped and restarted with the following commands:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n After installation the ntp daemon must be restarted:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n 
ftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n Security Bulletin: Vulnerabilities in NTP affect AIX \n https://www-01.ibm.com/support/docview.wss?uid=ibm10718835\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue Aug 14 14:48:57 CDT 2018\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n\n", "edition": 15, "modified": "2018-08-14T14:48:57", "published": "2018-08-14T14:48:57", "id": "NTP_ADVISORY10.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc", "title": "Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12327", "CVE-2018-7170", "CVE-2016-1549"], "description": "**Issue Overview:**\n\nntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for [CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>). ([CVE-2018-7170](<https://access.redhat.com/security/cve/CVE-2018-7170>))\n\nThe ntpq and ntpdc command-line utilities that are part of the ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application. ([CVE-2018-12327](<https://access.redhat.com/security/cve/CVE-2018-12327>))\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntpdate-4.2.8p12-1.39.amzn1.i686 \n ntp-4.2.8p12-1.39.amzn1.i686 \n ntp-debuginfo-4.2.8p12-1.39.amzn1.i686 \n \n noarch: \n ntp-perl-4.2.8p12-1.39.amzn1.noarch \n ntp-doc-4.2.8p12-1.39.amzn1.noarch \n \n src: \n ntp-4.2.8p12-1.39.amzn1.src \n \n x86_64: \n ntp-debuginfo-4.2.8p12-1.39.amzn1.x86_64 \n ntp-4.2.8p12-1.39.amzn1.x86_64 \n ntpdate-4.2.8p12-1.39.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-09-19T17:19:00", "published": "2018-09-19T17:19:00", "id": "ALAS-2018-1083", "href": "https://alas.aws.amazon.com/ALAS-2018-1083.html", "title": "Low: ntp", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7184", "CVE-2015-7704", "CVE-2018-7185", "CVE-2018-7183", "CVE-2018-7170", "CVE-2016-1549", "CVE-2018-7182"], "description": "**Issue Overview:**\n\nEphemeral association time spoofing additional protection \nntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for [CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>). ([CVE-2018-7170](<https://access.redhat.com/security/cve/CVE-2018-7170>))\n\nInterleaved symmetric mode cannot recover from bad state \nntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. 
This issue is a result of an incomplete fix for [CVE-2015-7704](<https://access.redhat.com/security/cve/CVE-2015-7704>). ([CVE-2018-7184](<https://access.redhat.com/security/cve/CVE-2018-7184>))\n\nEphemeral association time spoofing \nA malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. ([CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>))\n\nBuffer read overrun leads to information leak in ctl_getitem() \nThe ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with an ntpd instance from 4.2.8p6 through 4.2.8p10. ([CVE-2018-7182](<https://access.redhat.com/security/cve/CVE-2018-7182>))\n\nUnauthenticated packet can reset authenticated interleaved association \nThe protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association. ([CVE-2018-7185](<https://access.redhat.com/security/cve/CVE-2018-7185>))\n\ndecodearr() can write beyond its buffer limit \nBuffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. ([CVE-2018-7183](<https://access.redhat.com/security/cve/CVE-2018-7183>))\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntpdate-4.2.8p11-1.37.amzn1.i686 \n ntp-4.2.8p11-1.37.amzn1.i686 \n ntp-debuginfo-4.2.8p11-1.37.amzn1.i686 \n \n noarch: \n ntp-doc-4.2.8p11-1.37.amzn1.noarch \n ntp-perl-4.2.8p11-1.37.amzn1.noarch \n \n src: \n ntp-4.2.8p11-1.37.amzn1.src \n \n x86_64: \n ntpdate-4.2.8p11-1.37.amzn1.x86_64 \n ntp-4.2.8p11-1.37.amzn1.x86_64 \n ntp-debuginfo-4.2.8p11-1.37.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-05-10T17:01:00", "published": "2018-05-10T17:01:00", "id": "ALAS-2018-1009", "href": "https://alas.aws.amazon.com/ALAS-2018-1009.html", "title": "Medium: ntp", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7184", "CVE-2016-9311", "CVE-2015-7704", "CVE-2016-7433", "CVE-2018-7185", "CVE-2018-7183", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-9310", "CVE-2018-7170", "CVE-2016-1549", "CVE-2017-6464", "CVE-2018-7182", "CVE-2016-7426"], "description": "**Issue Overview:**\n\nEphemeral association time spoofing additional protection \nntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for [CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>). ([CVE-2018-7170](<https://access.redhat.com/security/cve/CVE-2018-7170>))\n\nInterleaved symmetric mode cannot recover from bad state \nntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. 
This issue is a result of an incomplete fix for [CVE-2015-7704](<https://access.redhat.com/security/cve/CVE-2015-7704>). ([CVE-2018-7184](<https://access.redhat.com/security/cve/CVE-2018-7184>))\n\nEphemeral association time spoofing \nA malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. ([CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>))\n\nBuffer read overrun leads to information leak in ctl_getitem() \nThe ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with an ntpd instance from 4.2.8p6 through 4.2.8p10. ([CVE-2018-7182](<https://access.redhat.com/security/cve/CVE-2018-7182>))\n\nUnauthenticated packet can reset authenticated interleaved association \nThe protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association. ([CVE-2018-7185](<https://access.redhat.com/security/cve/CVE-2018-7185>))\n\ndecodearr() can write beyond its buffer limit \nBuffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. ([CVE-2018-7183](<https://access.redhat.com/security/cve/CVE-2018-7183>))\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n ntp-perl-4.2.6p5-28.amzn2.2.1.noarch \n ntp-doc-4.2.6p5-28.amzn2.2.1.noarch \n \n src: \n ntp-4.2.6p5-28.amzn2.2.1.src \n \n x86_64: \n ntp-4.2.6p5-28.amzn2.2.1.x86_64 \n ntpdate-4.2.6p5-28.amzn2.2.1.x86_64 \n sntp-4.2.6p5-28.amzn2.2.1.x86_64 \n ntp-debuginfo-4.2.6p5-28.amzn2.2.1.x86_64 \n \n \n", "edition": 1, "modified": "2018-05-10T17:11:00", "published": "2018-05-10T17:11:00", "id": "ALAS2-2018-1009", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1009.html", "title": "Medium: ntp", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1549", "CVE-2018-7170", "CVE-2018-7182", "CVE-2018-7184", "CVE-2018-7185"], "description": "New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded.\n This release addresses five security issues in ntpd:\n * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n significant additional protections for this issue in 4.2.8p11.\n Reported by Matt Van Gundy of Cisco.\n * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n read overrun leads to undefined behavior and information leak.\n Reported by Yihan Lian of Qihoo 360.\n * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n ephemeral associations. Reported on the questions@ list.\n * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n cannot recover from bad state. 
Reported by Miroslav Lichvar of Red Hat.\n * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n can reset authenticated interleaved association.\n Reported by Miroslav Lichvar of Red Hat.\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package 
for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "modified": "2018-03-01T23:49:07", "published": "2018-03-01T23:49:07", "id": "SSA-2018-060-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.511203", "type": "slackware", "title": "[slackware-security] ntp", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2018-05-28T01:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7184", "CVE-2018-7185", "CVE-2018-7183", "CVE-2018-7170", "CVE-2018-7182"], "description": "### Background\n\nNTP contains software for the Network Time Protocol.\n\n### Description\n\nMultiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.8_p11\"", "edition": 1, "modified": "2018-05-26T00:00:00", "published": "2018-05-26T00:00:00", "id": "GLSA-201805-12", "href": "https://security.gentoo.org/glsa/201805-12", "title": "NTP: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7184", "CVE-2018-7185", "CVE-2018-7183", "CVE-2018-7170", "CVE-2016-1549", "CVE-2018-7182"], "description": "\nNetwork Time Foundation reports:\n\nThe NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.\nThis release addresses five security issues in ntpd:\n\nLOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil\n\t vulnerability: ephemeral association attack\nINFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909:\n\t ctl_getitem(): buffer read overrun leads to undefined\n\t behavior and information leak\nLOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple\n\t authenticated ephemeral associations\nLOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved\n\t symmetric mode cannot recover from bad state\nLOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909:\n\t Unauthenticated packet can reset authenticated interleaved\n\t association\n\none security issue in ntpq:\n\nMEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909:\n\t ntpq:decodearr() can write beyond its buffer limit\n\nand provides over 33 bugfixes and 32 other improvements.\n\n", "edition": 6, "modified": "2018-03-14T00:00:00", "published": "2018-02-27T00:00:00", "id": "AF485EF4-1C58-11E8-8477-D05099C0AE8C", "href": "https://vuxml.freebsd.org/freebsd/af485ef4-1c58-11e8-8477-d05099c0ae8c.html", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2021-01-15T20:46:38", "bulletinFamily": "software", "cvelist": ["CVE-2018-7170", "CVE-2018-7174", "CVE-2018-7182", "CVE-2018-7183", "CVE-2018-7184", "CVE-2018-7185"], "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target from updating its system time, and cause denial of service through application crashes. \n \n\n\n### AFFECTED PRODUCTS \n\nThe following products are vulnerable:\n\n**Content Analysis** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 2.4 and later | Not vulnerable, fixed in 2.4.1.1 \n2.3 | Upgrade to 2.3.5.1. \n2.1, 2.2 | Upgrade to a later version with fixes. \n \n \n\nDirector \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\n**Mail Threat Defense** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\n**Management Center** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1. \n1.11, 2.0 | Upgrade to a later version with fixes. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7170, CVE-2018-7185 | 10.5 | Not vulnerable, fixed in 10.5.1.1 \n10.3, 10.4 (has vulnerable code, but not vulnerable to known vectors of attack) | Upgrade to a later version with fixes. \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 10.1, 10.2 | Upgrade to a later version with fixes. 
\nAll CVEs | 9.5 | Not vulnerable \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7170 and CVE-2018-7185 | 7.2, 8.1, 8.2 | Not available at this time \n7.1, 7.3, 8.0 | Upgrade to later version with fixes. \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 7.2 | Not available at this time \n \n \n\n**SSL Visibility** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182 | 5.0 | Not vulnerable, fixed in 5.0.2.1. \n4.5 | Not vulnerable, fixed in 4.5.1.1. \n4.1, 4.2, 4.3, 4.4 | Upgrade to a later version with fixes. \n3.12 | Upgrade to a later version with fixes. \n3.11 | Upgrade to a later version with fixes. \n3.10 | Upgrade to a later version with fixes. \n3.8.4FC | Upgrade to a later version with fixes. \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-7170 | 1.13, 1.14 | Not available at this time \n1.12 | Upgrade to a later version with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7185 | 10.0, 11.0 | A fix will not be provided. \n \n \n\nThe following products contain a vulnerable version of the ntp.org NTP reference implementation, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 7.1 and later | Not vulnerable, fixed in 7.1.1.1 \n6.7 | Upgrade to 6.7.4.2. \n6.6 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION \n\nSymantec Network Protection products do not enable or use all functionality within the ntp.org NTP reference implementation. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. 
However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** all CVEs\n * **CA:** CVE-2018-7170 and CVE-2018-7185\n * **MTD:** CVE-2018-7170 and CVE-2018-7185\n * **MC:** CVE-2018-7170 and CVE-2018-7185\n * **Reporter:** CVE-2018-7170 and CVE-2018-7185\n * **SSLV:** all CVEs except CVE-2018-7182\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nSymantec HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nMalware Analysis \nNorman Shark Industrial Control System Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nUnified Agent \n \n**\n\n### ISSUES\n\n**CVE-2018-7170** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 103194](<https://www.securityfocus.com/bid/103194>) / NVD: [CVE-2018-7170](<https://nvd.nist.gov/vuln/detail/CVE-2018-7170>) \n**Impact** | Unauthorized modification of system time \n**Description** | A Sybil vulnerability in ntpd allows remote authenticated NTP servers to establish a large number of ephemeral associations in order to influence the ntpd clock selection algorithm and modify the target's system time. 
\n \n \n\n**CVE-2018-7182** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 103191](<https://www.securityfocus.com/bid/103191>) / NVD: [CVE-2018-7182](<https://nvd.nist.gov/vuln/detail/CVE-2018-7182>) \n**Impact** | Denial of service \n**Description** | A buffer overread flaw in ntpd allows a remote attacker to send crafted mode 6 packets and cause denial of service through application crashes. \n \n \n\n**CVE-2018-7183** \n--- \n**Severity / CVSSv2** | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 103351](<https://www.securityfocus.com/bid/103351>) / NVD: [CVE-2018-7183](<https://nvd.nist.gov/vuln/detail/CVE-2018-7183>) \n**Impact** | Denial of service \n**Description** | A buffer overflow flaw in ntpq allows a remote attacker to send a response with a crafted array and execute arbitrary code or cause denial of service. \n \n \n\n**CVE-2018-7184** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 103192](<https://www.securityfocus.com/bid/103192>) / NVD: [CVE-2018-7184](<https://nvd.nist.gov/vuln/detail/CVE-2018-7184>) \n**Impact** | Denial of service \n**Description** | A packet handling flaw in ntpd allows a remote attacker to send a packet with a zero-origin timestamp and reset the NTP association. This prevents ntpd from updating the system time until the NTP association resets, resulting in denial of service. \n \n \n\n**CVE-2018-7185** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 103339](<https://www.securityfocus.com/bid/103339>) / NVD: [CVE-2018-7185](<https://nvd.nist.gov/vuln/detail/CVE-2018-7185>) \n**Impact** | Denial of service \n**Description** | A packet handling flaw in ntpd allows a remote attacker to send a packet with a zero-origin timestamp and reset the NTP association. 
\n \n \n\n### MITIGATION\n\nAll CVEs except CVE-2018-7183 can be exploited only through the management network port for Director, MTD, MC, and SSLV. Allowing only machines, IP addresses and subnets from a trusted network to access the management network port reduces the threat of exploiting the vulnerabilities.\n\nBy default, Director does not configure ntpd in symmetric or interleave mode. Customers who leave this behavior unchanged prevent attacks against Director using CVE-2018-7170, CVE-2018-7174, and CVE-2018-7185.\n\nBy default, all versions of Security Analytics do not configure ntpd in symmetric or interleave mode. Customers who leave this behavior unchanged prevent attacks against Security Analytics using CVE-2018-7170 and CVE-2018-7185. Also, Security Analytics 7.2 does not query remote NTP servers using ntpq. Customers who leave this behavior unchanged prevent attacks against Security Analytics 7.2 using CVE-2018-7183. \n \n\n\n### REFERENCES\n\nNTP Security Notice - <https://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S> \n \n\n\n### REVISION \n\n2021-01-15 WI 1.14 is vulnerable to CVE-2018-7170. A fix is not available at this time. Fixes will not be provided for WI 1.12. Please upgrade to a later release with the vulnerability fixes. \n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-18 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2020-04-17 Content Analysis (CA) 2.4 and later versions are not vulnerable because a fix is available in 2.4.1.1. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Fixes for Reporter 10.3 and SSLV 4.4 will not be provided. Please upgrade to later versions with the vulnerability fixes. Security Analytics 8.1 is vulnerable to CVE-2018-7170 and CVE-2018-7185. Advanced Secure Gateway (ASG) 7.1 and later are not vulnerable because a fix is available in 7.1.1.1. \n2019-10-07 WI 1.12 and 1.13 are vulnerable to CVE-2018-7170. A fix is not available at this time. \n2019-08-30 Reporter 10.4 has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2019-08-12 A fix for MC 2.0 will not be provided. Please update to a later version with the vulnerability fixes. \n2019-08-09 SSLV 4.5 is not vulnerable because a fix is available in 4.5.1.1. \n2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for SSLV 4.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-02-27 A fix for CA 2.3 is available in 2.3.5.1. A fix for ASG 6.7 is available in 6.7.4.2. \n2019-02-04 A fix for CA 2.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-21 Security Analytics 8.0 is vulnerable to CVE-2018-7170 and CVE-2018-7185. \n2019-01-18 SSLV 4.3 and 4.4 are vulnerable to CVE-2018-7182. SSLV 5.0 is not vulnerable because a fix is available in 5.0.2.1. A fix for SSLV 4.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-14 MC 2.1 is not vulnerable because a fix is available in 2.1.1.1. A fix for MC 1.11 will not be provided. Please update to a later version with the vulnerability fixes. 
Reporter 10.3 has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please update to a later version with the vulnerability fixes. \n2019-01-11 A fix for CA 2.1 will not be provided. Please update to a later version with the vulnerability fixes. \n2018-07-23 Director 6.1 is vulnerable to all CVEs. \n2018-04-26 initial public release\n", "modified": "2021-01-15T20:22:24", "published": "2018-04-26T08:00:00", "id": "SMNTC-1451", "href": "", "type": "symantec", "title": " SA165: NTP Vulnerabilities February 2018", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1549", "CVE-2018-7170", "CVE-2018-7182", "CVE-2018-7183", "CVE-2018-7184", "CVE-2018-7185"], "description": "Arch Linux Security Advisory ASA-201803-11\n==========================================\n\nSeverity: High\nDate : 2018-03-16\nCVE-ID : CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183\nCVE-2018-7184 CVE-2018-7185\nPackage : ntp\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-647\n\nSummary\n=======\n\nThe package ntp before version 4.2.8.p11-1 is vulnerable to multiple\nissues including arbitrary code execution, content spoofing and denial\nof service.\n\nResolution\n==========\n\nUpgrade to 4.2.8.p11-1.\n\n# pacman -Syu \"ntp>=4.2.8.p11-1\"\n\nThe problems have been fixed upstream in version 4.2.8.p11.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-1549 (content spoofing)\n\nA malicious authenticated peer can create arbitrarily-many ephemeral\nassociations in order to win the clock selection algorithm in ntpd in\nNTP 4.2.8p4 and earlier and NTPsec\n3e160db8dc248a0bcb053b56a80167dc742d2b74 and\na5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.\n\n- CVE-2018-7170 (content 
spoofing)\n\nntpd can be vulnerable to Sybil attacks. If a system is set up to use a\ntrustedkey and if one is not using the feature introduced in\nntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to\nspecify which IPs can serve time, a malicious authenticated peer --\ni.e. one where the attacker knows the private symmetric key -- can\ncreate arbitrarily-many ephemeral associations in order to win the\nclock selection of ntpd and modify a victim's clock.\n\n- CVE-2018-7182 (denial of service)\n\nctl_getitem() is used by ntpd to process incoming mode 6 packets. A\nmalicious mode 6 packet can be sent to an ntpd instance, and if the\nntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause\nctl_getitem() to read past the end of its buffer.\n\n- CVE-2018-7183 (arbitrary code execution)\n\nntpq is a monitoring and control program for ntpd. decodearr() is an\ninternal function of ntpq that is used to -- wait for it -- decode an\narray in a response string when formatted data is being displayed. This\nis a problem in affected versions of ntpq if a maliciously-altered ntpd\nreturns an array result that will trip this bug, or if a bad actor is\nable to read an ntpq request on its way to a remote ntpd server and\nforge and send a response before the remote ntpd sends its response.\nIt's potentially possible that the malicious data could become\ninjectable/executable code.\n\n- CVE-2018-7184 (denial of service)\n\nThe fix for NtpBug2952 was incomplete, and while it fixed one problem\nit created another. Specifically, it drops bad packets before updating\nthe \"received\" timestamp. This means a third-party can inject a packet\nwith a zero-origin timestamp, meaning the sender wants to reset the\nassociation, and the transmit timestamp in this bogus packet will be\nsaved as the most recent \"received\" timestamp. 
The real remote peer\ndoes not know this value and this will disrupt the association until\nthe association resets.\n\n- CVE-2018-7185 (denial of service)\n\nThe NTP Protocol allows for both non-authenticated and authenticated\nassociations, in client/server, symmetric (peer), and several broadcast\nmodes. In addition to the basic NTP operational modes, symmetric mode\nand broadcast servers can support an interleaved mode of operation. In\nntp-4.2.8p4 a bug was inadvertently introduced into the protocol engine\nthat allows a non-authenticated zero-origin (reset) packet to reset an\nauthenticated interleaved peer association. If an attacker can send a\npacket with a zero-origin timestamp and the source IP address of the\n\"other side\" of an interleaved association, the 'victim' ntpd will\nreset its association. The attacker must continue sending these packets\nin order to maintain the disruption of the association. In ntp-4.0.0\nthru ntp-4.2.8p6, interleave mode could be entered dynamically. As of\nntp-4.2.8p7, interleaved mode must be explicitly configured/enabled.\n\nImpact\n======\n\nA remote, non-authenticated peer can cause a denial of service,\npreventing the vulnerable host from getting a correct time. 
In addition\nto that, a remote, authenticated peer can spoof the correct time,\ncausing the vulnerable host to update its clock with an invalid time.\nA malicious NTPd server, or an attacker in a man-in-the-middle\nposition, might be able to execute arbitrary code on the affected host\nby forging a response to an ntpq request.\n\nReferences\n==========\n\nhttp://support.ntp.org/bin/view/Main/NtpBug3012\nhttp://support.ntp.org/bin/view/Main/NtpBug3415\nhttp://support.ntp.org/bin/view/Main/NtpBug3412\nhttp://support.ntp.org/bin/view/Main/NtpBug3414\nhttp://support.ntp.org/bin/view/Main/NtpBug3453\nhttp://support.ntp.org/bin/view/Main/NtpBug3454\nhttps://security.archlinux.org/CVE-2016-1549\nhttps://security.archlinux.org/CVE-2018-7170\nhttps://security.archlinux.org/CVE-2018-7182\nhttps://security.archlinux.org/CVE-2018-7183\nhttps://security.archlinux.org/CVE-2018-7184\nhttps://security.archlinux.org/CVE-2018-7185", "modified": "2018-03-16T00:00:00", "published": "2018-03-16T00:00:00", "id": "ASA-201803-11", "href": "https://security.archlinux.org/ASA-201803-11", "type": "archlinux", "title": "[ASA-201803-11] ntp: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}