ID SOL71245322 Type f5 Reporter f5 Modified 2016-10-05T00:00:00
Description
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
Supplemental Information
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
{"cve": [{"lastseen": "2017-11-25T11:37:06", "references": ["https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us", "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html", "https://www.kb.cert.org/vuls/id/718152", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd", "http://www.securitytracker.com/id/1034782", "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html", "http://www.ubuntu.com/usn/USN-3096-1", "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html", "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html", "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html", "https://security.netapp.com/advisory/ntap-20171004-0002/", "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html", "https://security.netapp.com/advisory/ntap-20171031-0001/", "https://security.gentoo.org/glsa/201607-15", "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html", "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html", "http://www.securityfocus.com/bid/81811", "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc", "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security", "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html", "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html", "http://rhn.redhat.com/errata/RHSA-2016-0063.html", "https://bto.bluecoat.com/security-advisory/sa113", "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd", "http://www.debian.org/security/2016/dsa-3629"], "edition": 5, "description": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "reporter": "NVD", "published": "2017-01-30T16:59:00", "title": "CVE-2015-8138", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8138"], "scanner": [], "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.2.8:p5", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "modified": "2017-11-20T21:29:01", "id": "CVE-2015-8138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8138", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:40", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 570697 (BIG-IP), ID 573411 (BIG-IQ), ID 507785 (ARX), LRS-60602 (LineRate), and INSTALLER-2199 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 - HF11 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9| Medium| ntpd \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9| Medium| ntpd \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1| Medium| ntpd \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP DNS| 12.0.0 - 12.1.0| 12.1.1 - 12.1.2| Medium| ntpd \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9| Medium| ntpd \nBIG-IP PSM| 11.4.1 HF9 \n11.4.0 HF10| 11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| ntpd \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ ADC| 4.5.0| None| Medium| ntpd \nBIG-IQ Centralized Management| 4.6.0| None| Medium| ntpd \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| ntpd \nLineRate| 2.5.0 - 2.6.1| None| Medium| ntpd \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| ntpd\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "reporter": "f5", "published": "2016-02-22T22:22:00", "title": "NTP vulnerability CVE-2015-8138", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-8138"], "modified": "2017-03-14T19:23:00", "href": "https://support.f5.com/csp/article/K71245322", "id": "F5:K71245322", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:02", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "reporter": "f5", "published": "2016-12-17T02:37:00", "type": "f5", "title": "Multiple NTP vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-9312", "CVE-2015-8138", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-7431"], "modified": "2017-03-14T19:23:00", "href": "https://support.f5.com/csp/article/K80996302", "id": "F5:K80996302", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:46:33", "references": ["2016:0063-01", "https://www.redhat.com/archives/rhsa-announce/2016-January/msg00032.html"], "pluginID": "1361412562310871547", "description": "Check the version of ntp", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-26T00:00:00", "title": "RedHat Update for ntp RHSA-2016:0063-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871547", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ntp RHSA-2016:0063-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871547\");\n script_version(\"$Revision: 6690 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:51:07 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 06:10:45 +0100 (Tue, 26 Jan 2016)\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ntp RHSA-2016:0063-01\");\n script_tag(name: \"summary\", value: \"Check the version of ntp\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n\");\n script_tag(name: \"affected\", value: \"ntp on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"RHSA\", value: \"2016:0063-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00032.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~22.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6_7.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~5.el6_7.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6_7.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:48:49", "references": ["http://lists.centos.org/pipermail/centos-announce/2016-January/021624.html", "2016:0063"], "pluginID": "1361412562310882375", "description": "Check the version of ntp", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-26T00:00:00", "title": "CentOS Update for ntp CESA-2016:0063 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882375", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2016:0063 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882375\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 06:10:58 +0100 (Tue, 26 Jan 2016)\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2016:0063 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of ntp\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n\");\n script_tag(name: \"affected\", value: \"ntp on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:0063\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-January/021624.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-28T18:22:31", "references": ["http://linux.oracle.com/errata/ELSA-2016-0063.html"], "pluginID": "1361412562310122859", "description": "Oracle Linux Local Security Checks ELSA-2016-0063", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-01-26T00:00:00", "title": "Oracle Linux Local Check: ELSA-2016-0063", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122859", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0063.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122859\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 10:12:45 +0200 (Tue, 26 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0063\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0063 - ntp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0063\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0063.html\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:48:03", "references": ["http://lists.centos.org/pipermail/centos-announce/2016-January/021623.html", "2016:0063"], "pluginID": "1361412562310882376", "description": "Check the version of ntp", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-26T00:00:00", "title": "CentOS Update for ntp CESA-2016:0063 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2016:0063 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882376\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 06:11:00 +0100 (Tue, 26 Jan 2016)\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2016:0063 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of ntp\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n\");\n script_tag(name: \"affected\", value: \"ntp on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:0063\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-January/021623.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-02T14:29:47", "references": ["https://alas.aws.amazon.com/ALAS-2016-649.html"], "pluginID": "1361412562310120639", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-02-11T00:00:00", "title": "Amazon Linux Local Check: alas-2016-649", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120639", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2016-649.nasl 6574 2017-07-06 13:41:26Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120639\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-11 07:16:47 +0200 (Thu, 11 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2016-649\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in NTP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update ntp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-649.html\");\n script_cve_id(\"CVE-2015-7977\", \"CVE-2015-7974\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\", \"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-01T10:26:51", "references": ["https://advisories.mageia.org/MGASA-2016-0039.html"], "pluginID": "1361412562310131203", "description": "Mageia Linux Local Security Checks mgasa-2016-0039", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-02-02T00:00:00", "title": "Mageia Linux Local Check: mgasa-2016-0039", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310131203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0039.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131203\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-02 07:44:19 +0200 (Tue, 02 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0039\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0039.html\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0039\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~24.4.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:29", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html", "2016-8"], "pluginID": "1361412562310807227", "description": "Check the version of ntp", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-02-05T00:00:00", "title": "Fedora Update for ntp FEDORA-2016-8", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310807227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807227", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2016-8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807227\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:22 +0530 (Fri, 05 Feb 2016)\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-8138\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2016-8\");\n script_tag(name: \"summary\", value: \"Check the version of ntp\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"The Network Time Protocol (NTP) is used\n to synchronize a computer's time with another reference time source. This\n package includes ntpd (a daemon which continuously adjusts system time) and\n utilities used to query and configure the ntpd daemon.\n\n Perl scripts ntp-wait and ntptrace are in the ntp-perl package,\n ntpdate is in the ntpdate package and sntp is in the sntp package.\n The documentation is in the ntp-doc package.\");\n\n script_tag(name: \"affected\", value: \"ntp on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-8\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~36.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-26T14:17:14", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"], "pluginID": "1361412562310105666", "description": "Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client", "edition": 4, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-05-09T00:00:00", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2018-09-25T00:00:00", "id": "OPENVAS:1361412562310105666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105666", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ios_xe_cisco-sa-20160127-ntpd.nasl 11607 2018-09-25 13:53:15Z asteins $\n#\n# Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:ios_xe\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105666\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7975\", \"CVE-2015-7976\", \"CVE-2015-7978\", \"CVE-2015-7977\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8139\", \"CVE-2015-8140\", \"CVE-2015-8158\", \"CVE-2015-7973\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 11607 $\");\n\n script_name(\"Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd\");\n\n\n script_tag(name:\"vuldetect\", value:\"Check the version.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:\n CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability\n CVE-2015-7974: Network Time Protocol Missing Trusted Key Check\n CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check\n CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames\n CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability\n CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service\n CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service\n CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass\n CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp\n CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack\n CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop\n\nCisco has released software updates that address these vulnerabilities.\n\nWorkarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd \");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-25 15:53:15 +0200 (Tue, 25 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 17:40:21 +0200 (Mon, 09 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ios_xe_version.nasl\");\n script_mandatory_keys(\"cisco_ios_xe/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n\t\t'2.1.0',\n\t\t'2.1.1',\n\t\t'2.1.2',\n\t\t'2.2.1',\n\t\t'2.2.2',\n\t\t'2.2.3',\n\t\t'2.3.0',\n\t\t'2.3.0t',\n\t\t'2.3.1t',\n\t\t'2.3.2',\n\t\t'2.4.0',\n\t\t'2.4.1',\n\t\t'2.5.0',\n\t\t'2.5.1',\n\t\t'2.5.2',\n\t\t'2.6.0',\n\t\t'2.6.1',\n\t\t'2.6.2',\n\t\t'3.1.0S',\n\t\t'3.1.1S',\n\t\t'3.1.2S',\n\t\t'3.1.3S',\n\t\t'3.1.4S',\n\t\t'3.1.5S',\n\t\t'3.1.6S',\n\t\t'3.1.0SG',\n\t\t'3.1.1SG',\n\t\t'3.2.0S',\n\t\t'3.2.1S',\n\t\t'3.2.2S',\n\t\t'3.2.3S',\n\t\t'3.2.0SE',\n\t\t'3.2.1SE',\n\t\t'3.2.2SE',\n\t\t'3.2.3SE',\n\t\t'3.2.0SG',\n\t\t'3.2.1SG',\n\t\t'3.2.2SG',\n\t\t'3.2.3SG',\n\t\t'3.2.4SG',\n\t\t'3.2.5SG',\n\t\t'3.2.6SG',\n\t\t'3.2.7SG',\n\t\t'3.2.8SG',\n\t\t'3.2.9SG',\n\t\t'3.2.0XO',\n\t\t'3.2.1XO',\n\t\t'3.3.0S',\n\t\t'3.3.1S',\n\t\t'3.3.2S',\n\t\t'3.3.0SE',\n\t\t'3.3.1SE',\n\t\t'3.3.2SE',\n\t\t'3.3.3SE',\n\t\t'3.3.4SE',\n\t\t'3.3.5SE',\n\t\t'3.3.0SG',\n\t\t'3.3.1SG',\n\t\t'3.3.2SG',\n\t\t'3.3.0SQ',\n\t\t'3.3.1SQ',\n\t\t'3.3.0XO',\n\t\t'3.3.1XO',\n\t\t'3.3.2XO',\n\t\t'3.4.0S',\n\t\t'3.4.1S',\n\t\t'3.4.2S',\n\t\t'3.4.3S',\n\t\t'3.4.4S',\n\t\t'3.4.5S',\n\t\t'3.4.6S',\n\t\t'3.4.0SG',\n\t\t'3.4.1SG',\n\t\t'3.4.2SG',\n\t\t'3.4.3SG',\n\t\t'3.4.4SG',\n\t\t'3.4.5SG',\n\t\t'3.4.0SQ',\n\t\t'3.4.1SQ',\n\t\t'3.5.0E',\n\t\t'3.5.1E',\n\t\t'3.5.2E',\n\t\t'3.5.3E',\n\t\t'3.5.0S',\n\t\t'3.5.1S',\n\t\t'3.5.2S',\n\t\t'3.6.0E',\n\t\t'3.6.1E',\n\t\t'3.6.0S',\n\t\t'3.6.1S',\n\t\t'3.6.2S',\n\t\t'3.7.0E',\n\t\t'3.7.0S',\n\t\t'3.7.1S',\n\t\t'3.7.2S',\n\t\t'3.7.3S',\n\t\t'3.7.4S',\n\t\t'3.7.5S',\n\t\t'3.7.6S',\n\t\t'3.7.7S',\n\t\t'3.8.0S',\n\t\t'3.8.1S',\n\t\t'3.8.2S',\n\t\t'3.9.0S',\n\t\t'3.9.1S',\n\t\t'3.9.2S',\n\t\t'3.10.0S',\n\t\t'3.10.0aS',\n\t\t'3.10.1S',\n\t\t'3.10.2S',\n\t\t'3.10.3S',\n\t\t'3.10.4S',\n\t\t'3.10.5S',\n\t\t'3.10.6S',\n\t\t'3.11.0S',\n\t\t'3.11.1S',\n\t\t'3.11.2S',\n\t\t'3.11.3S',\n\t\t'3.11.4S',\n\t\t'3.12.0S',\n\t\t'3.12.1S',\n\t\t'3.12.2S',\n\t\t'3.12.3S',\n\t\t'3.13.0S',\n\t\t'3.13.1S',\n\t\t'3.13.2S',\n\t\t'3.14.0S',\n\t\t'3.14.1S',\n\t\t'3.14.2S',\n\t\t'3.14.3S',\n\t\t'3.14.4S',\n\t\t'3.15.0S' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:37:35", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"], "pluginID": "1361412562310105726", "description": "Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.\n Versions of this package are affected by one or more vulnerabilities that could allow an\n unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time\n being advertised by a device acting as a Network Time Protocol (NTP) server.\n\n On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory\n detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,\n and logic issues that may allow an attacker to shift a client", "edition": 5, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-05-18T00:00:00", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2018-10-16T00:00:00", "id": "OPENVAS:1361412562310105726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105726", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ipics_cisco-sa-20160127-ntpd.nasl 11922 2018-10-16 10:24:25Z asteins $\n#\n# Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:ip_interoperability_and_collaboration_system\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105726\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7975\", \"CVE-2015-7976\", \"CVE-2015-7978\", \"CVE-2015-7977\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8139\", \"CVE-2015-8140\", \"CVE-2015-8158\", \"CVE-2015-7973\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 11922 $\");\n\n script_name(\"Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.\n Versions of this package are affected by one or more vulnerabilities that could allow an\n unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time\n being advertised by a device acting as a Network Time Protocol (NTP) server.\n\n On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory\n detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,\n and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in\n this document are as follows: CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated\n Broadcast Mode Vulnerability CVE-2015-7974: Network Time Protocol Missing Trusted Key Check CVE-2015-\n 7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check CVE-2015-7976:\n Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in\n Filenames CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of\n Service Vulnerability CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service CVE-2015-\n 7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service CVE-2015-8138: Network Time\n Protocol Zero Origin Timestamp Bypass CVE-2015-8139: Network Time Protocol Information Disclosure of\n Origin Timestamp CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack CVE-2015-\n 8158: Standard and Special Network Time Protocol Query Program Infinite loop\n\n Cisco has released software updates that address these vulnerabilities.\n\n Workarounds that address some of these vulnerabilities may be available. Available workarounds will\n be documented in the corresponding Cisco bug for each affected product.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-16 12:24:25 +0200 (Tue, 16 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-18 10:53:18 +0200 (Wed, 18 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ipics_version.nasl\");\n script_mandatory_keys(\"cisco/ipics/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n\t\t'1.0(1.1)',\n\t\t'4.0(1)',\n\t\t'4.5(1)',\n\t\t'4.6(1)',\n\t\t'4.7(1)',\n\t\t'4.8(2)' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:33", "references": ["http://www.debian.org/security/2016/dsa-3629.html"], "pluginID": "1361412562310703629", "description": "Several vulnerabilities were discovered\nin the Network Time Protocol daemon and utility programs:\n\nCVE-2015-7974 \nMatt Street discovered that insufficient key validation allows\nimpersonation attacks between authenticated peers.\n\nCVE-2015-7977CVE-2015-7978Stephen Gray discovered that a NULL pointer dereference\nand a buffer overflow in the handling of ntpdc reslist \ncommands may\nresult in denial of service.\n\nCVE-2015-7979 \nAanchal Malhotra discovered that if NTP is configured for broadcast\nmode, an attacker can send malformed authentication packets which\nbreak associations with the server for other broadcast clients.\n\nCVE-2015-8138 \nMatthew van Gundy and Jonathan Gardner discovered that missing\nvalidation of origin timestamps in ntpd clients may result in denial\nof service.\n\nCVE-2015-8158 \nJonathan Gardner discovered that missing input sanitising in ntpq\nmay result in denial of service.\n\nCVE-2016-1547 \nStephen Gray and Matthew van Gundy discovered that incorrect handling\nof crypto NAK packets may result in denial of service.\n\nCVE-2016-1548 \nJonathan Gardner and Miroslav Lichvar discovered that ntpd clients\ncould be forced to change from basic client/server mode to interleaved\nsymmetric mode, preventing time synchronisation.\n\nCVE-2016-1550 \nMatthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\nthat timing leaks in the the packet authentication code could result\nin recovery of a message digest.\n\nCVE-2016-2516Yihan Lian discovered that duplicate IPs on unconfig \ndirectives will\ntrigger an assert.\n\nCVE-2016-2518 \nYihan Lian discovered that an OOB memory access could potentially\ncrash ntpd.", "edition": 3, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-08-02T00:00:00", "title": "Debian Security Advisory DSA 3629-1 (ntp - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:1361412562310703629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703629", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3629.nasl 8131 2017-12-15 07:30:28Z teissa $\n# Auto-generated from advisory DSA 3629-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703629\");\n script_version(\"$Revision: 8131 $\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\",\n \"CVE-2015-8138\", \"CVE-2015-8158\", \"CVE-2016-1547\", \"CVE-2016-1548\",\n \"CVE-2016-1550\", \"CVE-2016-2516\", \"CVE-2016-2518\");\n script_name(\"Debian Security Advisory DSA 3629-1 (ntp - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-15 08:30:28 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:56:41 +0530 (Tue, 02 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3629.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"ntp on Debian Linux\");\n script_tag(name: \"insight\", value: \"NTP, the Network Time Protocol,\nis used to keep computer clocks accurate by synchronizing them over the Internet\nor a local network, or by following an accurate hardware receiver that interprets\nGPS, DCF-77, NIST or similar time signals.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin the Network Time Protocol daemon and utility programs:\n\nCVE-2015-7974 \nMatt Street discovered that insufficient key validation allows\nimpersonation attacks between authenticated peers.\n\nCVE-2015-7977CVE-2015-7978Stephen Gray discovered that a NULL pointer dereference\nand a buffer overflow in the handling of ntpdc reslist \ncommands may\nresult in denial of service.\n\nCVE-2015-7979 \nAanchal Malhotra discovered that if NTP is configured for broadcast\nmode, an attacker can send malformed authentication packets which\nbreak associations with the server for other broadcast clients.\n\nCVE-2015-8138 \nMatthew van Gundy and Jonathan Gardner discovered that missing\nvalidation of origin timestamps in ntpd clients may result in denial\nof service.\n\nCVE-2015-8158 \nJonathan Gardner discovered that missing input sanitising in ntpq\nmay result in denial of service.\n\nCVE-2016-1547 \nStephen Gray and Matthew van Gundy discovered that incorrect handling\nof crypto NAK packets may result in denial of service.\n\nCVE-2016-1548 \nJonathan Gardner and Miroslav Lichvar discovered that ntpd clients\ncould be forced to change from basic client/server mode to interleaved\nsymmetric mode, preventing time synchronisation.\n\nCVE-2016-1550 \nMatthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\nthat timing leaks in the the packet authentication code could result\nin recovery of a message digest.\n\nCVE-2016-2516Yihan Lian discovered that duplicate IPs on unconfig \ndirectives will\ntrigger an assert.\n\nCVE-2016-2518 \nYihan Lian discovered that an OOB memory access could potentially\ncrash ntpd.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p7+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.8p7+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.8p7+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-7+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-7+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-7+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:57:38", "references": ["http://www.nessus.org/u?069c5223", "http://www.nessus.org/u?1e3a3dd6"], "pluginID": "88147", "description": "Updated ntp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.", "edition": 8, "reporter": "Tenable", "published": "2016-01-26T00:00:00", "title": "CentOS 6 / 7 : ntp (CESA-2016:0063)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:sntp", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:ntpdate", "p-cpe:/a:centos:centos:ntp-doc"], "id": "CENTOS_RHSA-2016-0063.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88147", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0063 and \n# CentOS Errata and Security Advisory 2016:0063 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88147);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2015-8138\");\n script_xref(name:\"RHSA\", value:\"2016:0063\");\n\n script_name(english:\"CentOS 6 / 7 : ntp (CESA-2016:0063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-January/021623.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?069c5223\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2016-January/021624.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e3a3dd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-4.2.6p5-5.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-doc-4.2.6p5-5.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-perl-4.2.6p5-5.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntpdate-4.2.6p5-5.el6.centos.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7.centos.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:37:42", "references": ["https://support.f5.com/csp/#/article/K71245322"], "pluginID": "88888", "description": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. (CVE-2015-8138)", "edition": 14, "reporter": "Tenable", "published": "2016-02-23T00:00:00", "title": "F5 Networks BIG-IP : NTP vulnerability (K71245322)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL71245322.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K71245322.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88888);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n\n script_cve_id(\"CVE-2015-8138\");\n\n script_name(english:\"F5 Networks BIG-IP : NTP vulnerability (K71245322)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to\nbypass the origin timestamp validation via a packet with an origin\ntimestamp set to zero. (CVE-2015-8138)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K71245322\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K71245322.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K71245322\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9-11.4.1HF11\",\"11.4.0HF10\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:47:43", "references": ["http://www.nessus.org/u?953d1cf9"], "pluginID": "88175", "description": "It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAfter installing the update, the ntpd daemon will restart automatically.", "edition": 8, "reporter": "Tenable", "published": "2016-01-26T00:00:00", "title": "Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2017-02-13T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160125_NTP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88175", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88175);\n script_version(\"$Revision: 2.7 $\");\n script_cvs_date(\"$Date: 2017/02/13 20:45:10 $\");\n\n script_cve_id(\"CVE-2015-8138\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAfter installing the update, the ntpd daemon will restart\nautomatically.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1601&L=scientific-linux-errata&F=&S=&P=11088\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?953d1cf9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-doc-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-doc-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-perl-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-18T16:49:12", "references": ["https://www.redhat.com/security/data/cve/CVE-2015-8138.html", "http://rhn.redhat.com/errata/RHSA-2016-0063.html"], "pluginID": "88172", "description": "Updated ntp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.", "edition": 12, "reporter": "Tenable", "published": "2016-01-26T00:00:00", "title": "RHEL 6 / 7 : ntp (RHSA-2016:0063)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2018-10-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "p-cpe:/a:redhat:enterprise_linux:sntp", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0063.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0063. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88172);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2018/10/17 12:00:18\");\n\n script_cve_id(\"CVE-2015-8138\");\n script_xref(name:\"RHSA\", value:\"2016:0063\");\n\n script_name(english:\"RHEL 6 / 7 : ntp (RHSA-2016:0063)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-0063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-8138.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0063\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ntp-doc-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-doc-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-perl-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:36:12", "references": ["http://www.nessus.org/u?35f952b3"], "pluginID": "88169", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)", "edition": 9, "reporter": "Tenable", "published": "2016-01-26T00:00:00", "title": "OracleVM 3.3 : ntp (OVMSA-2016-0006)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2018-07-24T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:ntp"], "id": "ORACLEVM_OVMSA-2016-0006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88169", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0006.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88169);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2015-8138\");\n\n script_name(english:\"OracleVM 3.3 : ntp (OVMSA-2016-0006)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - don't accept server/peer packets with zero origin\n timestamp (CVE-2015-8138)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-January/000410.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35f952b3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:51:34", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-January/005716.html", "https://oss.oracle.com/pipermail/el-errata/2016-January/005717.html"], "pluginID": "88167", "description": "From Red Hat Security Advisory 2016:0063 :\n\nUpdated ntp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.", "edition": 8, "reporter": "Tenable", "published": "2016-01-26T00:00:00", "title": "Oracle Linux 6 / 7 : ntp (ELSA-2016-0063)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:ntpdate", "p-cpe:/a:oracle:linux:sntp", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0063.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0063 and \n# Oracle Linux Security Advisory ELSA-2016-0063 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88167);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2015-8138\");\n script_xref(name:\"RHSA\", value:\"2016:0063\");\n\n script_name(english:\"Oracle Linux 6 / 7 : ntp (ELSA-2016-0063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0063 :\n\nUpdated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005716.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005717.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-doc-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:01:52", "references": ["http://www.nessus.org/u?dabe6203"], "pluginID": "107061", "description": "The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities :\n\n - A flaw exists in NTP in the receive() function within file ntpd/ntp_proto.c that allows packets with an origin timestamp of zero to bypass security checks. An unauthenticated, remote attacker can exploit this to spoof arbitrary content. (CVE-2015-8138)\n\n - A flaw exists in NTP when handling crafted Crypto NAK Packets having spoofed source addresses that match an existing associated peer. A unauthenticated, remote attacker can exploit this to demobilize a client association, resulting in a denial of service condition.\n (CVE-2016-1547)\n\n - A flaw exists in NTP when handling packets that have been spoofed to appear to be coming from a valid ntpd server, which may cause a switch to interleaved symmetric mode. An unauthenticated, remote attacker can exploit this, via a packet having a spoofed timestamp, to cause the client to reject future legitimate server responses, resulting in a denial of service condition.\n (CVE-2016-1548)\n\n - A flaw exits in NTP when handling a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat the clock selection algorithm and thereby modify a victim's clock.\n (CVE-2016-1549)\n\n - A flaw exists in NTP in the message authentication functionality of libntp that is triggered when handling a series of specially crafted messages. An unauthenticated, remote attacker can exploit this to partially recover the message digest key.\n (CVE-2016-1550)", "edition": 4, "reporter": "Tenable", "published": "2018-02-28T00:00:00", "title": "Arista Networks EOS Multiple Vulnerabilities (SA0019)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1548", "CVE-2015-8138", "CVE-2016-1550", "CVE-2016-1547", "CVE-2016-1549"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0019.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=107061", "sourceData": "#TRUSTED 922fa5231c8981d87bc28f471f41e69ef4b33f5f2a2f28708a4feadd722e50b88d91d40dd75fd05981433270554ec5999588eec9743deb92de57ad7b46f4d844915073db89e95ccb62102c13222ec7d67184eb9c8fab0322e0108da13582ec439bb1fc6c44cc9fc971db61037e0f41305ddde191437bcbb941fee10324a41132800305f4d02537970d9c0be85a54a5751903cbe2112eb4bc7bbdaa7cf94b150a1ac7fd3aa4c852f47b55d9bacf709062ab251f8e01758621fb40dace429b9054b871a606e20eba0e78156503a586f19229c4943a35ae2fdd45d13d6b7a3cde6ad12782aa6bb769bb1b380120980bf82e338c4e3709ad96a7ad72b979d1eb529c8a1514cb4ac36e201e5a16f79381f535cbdf366324ded61f702e20d7eec831aa52a0a2a1156db671dcf8aadba9b1d8cf7c7a1703c97964a878b0086f159ed9b1c4d509a2ea991dd23069b80b2ae1b2d23dd2525deef07b12f6956afccca7d747868b7b48f072cd96744438b4ae59b314bcc96c0891ef3bef443e05c027c4fabdc3e2151378643d435845e1b4d90931e481e0f57602d44f4c3c21028350e2b9dc5202cd12c164454c9fdbb75b41ceaae94e1ab647a2eeffbba8053aa398b15360f7ef9c0ac0f5641fd8b5cb4a3f9ec9c2d5836dfcf1a8ccd2b530c59ae8357017089f69b796cc4ed2c15b8a905e0be59155e71b802a0bb2820befbbcef5f741c5\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107061);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/08/09\");\n\n script_cve_id(\n \"CVE-2015-8138\",\n \"CVE-2016-1547\",\n \"CVE-2016-1548\",\n \"CVE-2016-1549\",\n \"CVE-2016-1550\"\n );\n script_bugtraq_id(\n 81811,\n 88200,\n 88261,\n 88264,\n 88276\n );\n script_xref(name:\"CERT\", value:\"718152\");\n\n script_name(english:\"Arista Networks EOS Multiple Vulnerabilities (SA0019)\");\n script_summary(english:\"Checks the Arista Networks EOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by multiple vulnerabilities :\n\n - A flaw exists in NTP in the receive() function within\n file ntpd/ntp_proto.c that allows packets with an origin\n timestamp of zero to bypass security checks. An\n unauthenticated, remote attacker can exploit this to\n spoof arbitrary content. (CVE-2015-8138)\n\n - A flaw exists in NTP when handling crafted Crypto NAK\n Packets having spoofed source addresses that match an\n existing associated peer. A unauthenticated, remote\n attacker can exploit this to demobilize a client\n association, resulting in a denial of service condition.\n (CVE-2016-1547)\n\n - A flaw exists in NTP when handling packets that have\n been spoofed to appear to be coming from a valid ntpd\n server, which may cause a switch to interleaved\n symmetric mode. An unauthenticated, remote attacker can\n exploit this, via a packet having a spoofed timestamp,\n to cause the client to reject future legitimate server\n responses, resulting in a denial of service condition.\n (CVE-2016-1548)\n\n - A flaw exits in NTP when handling a saturation of\n ephemeral associations. An authenticated, remote\n attacker can exploit this to defeat the clock selection\n algorithm and thereby modify a victim's clock.\n (CVE-2016-1549)\n\n - A flaw exists in NTP in the message authentication\n functionality of libntp that is triggered when handling\n a series of specially crafted messages. An\n unauthenticated, remote attacker can exploit this to\n partially recover the message digest key.\n (CVE-2016-1550)\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19\n script_set_attribute( attribute:\"see_also\", value:\"http://www.nessus.org/u?dabe6203\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact the vendor for a fixed version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\", \"Host/Arista-EOS/eos_shell\");\n\n exit(0);\n}\n\n\ninclude(\"arista_eos_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Arista-EOS/Version\");\n\nvmatrix = make_array();\nvmatrix[\"all\"] = make_list(\"0.0<=4.12.99\");\nvmatrix[\"F\"] = make_list(\"4.13.1.1<=4.13.6\",\n \"4.14.0<=4.14.5\",\n \"4.15.0<=4.15.4.1\");\n\nvmatrix[\"M\"] = make_list(\"4.13.5<=4.13.15\",\n \"4.14.6<=4.14.12\",\n \"4.15.5\",\"4.15.6\");\n\nvmatrix[\"misc\"] = make_list(\"4.14.5FX\",\n \"4.14.5FX\",\n \"4.14.5FX.1\",\n \"4.14.5FX.2\",\n \"4.14.5FX.3\",\n \"4.14.5FX.4\",\n \"4.14.5.1F-SSU\",\n \"4.15.0FX\",\n \"4.15.0FXA\",\n \"4.15.0FX1\",\n \"4.15.1FXB.1\",\n \"4.15.1FXB\",\n \"4.15.1FX-7060X\",\n \"4.15.1FX-7060QX\",\n \"4.15.3FX-7050X-72Q\",\n \"4.15.3FX-7060X.1\",\n \"4.15.3FX-7500E3\",\n \"4.15.3FX-7500E3.3\",\n \"4.15.4FX-7500E3\",\n \"4.15.5FX-7500R\");\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n{\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Arista Networks EOS\", version);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:47", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1300271", "https://bugzilla.redhat.com/show_bug.cgi?id=1297471", "https://bugzilla.redhat.com/show_bug.cgi?id=1300273", "https://bugzilla.redhat.com/show_bug.cgi?id=1299442", "https://bugzilla.redhat.com/show_bug.cgi?id=1300270", "http://www.nessus.org/u?b6201181", "https://bugzilla.redhat.com/show_bug.cgi?id=1300269"], "pluginID": "89577", "description": "Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2016-03-04T00:00:00", "title": "Fedora 23 : ntp-4.2.6p5-36.fc23 (2016-8bb1932088)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2017-02-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-8BB1932088.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89577", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-8bb1932088.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89577);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2017/02/15 14:34:00 $\");\n\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\");\n script_xref(name:\"FEDORA\", value:\"2016-8bb1932088\");\n\n script_name(english:\"Fedora 23 : ntp-4.2.6p5-36.fc23 (2016-8bb1932088)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977,\nCVE-2015-7978, CVE-2015-7979, CVE-2015-8158\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1299442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300273\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6201181\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"ntp-4.2.6p5-36.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:09:17", "references": ["https://alas.aws.amazon.com/ALAS-2016-649.html"], "pluginID": "88661", "description": "It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nA NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. (CVE-2015-7977)\n\nIt was found that NTP does not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key.\n(CVE-2015-7974)\n\nA stack-based buffer overflow was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. (CVE-2015-7978)\n\nIt was found that when NTP is configured in broadcast mode, an off-path attacker could broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server. This could cause the time on affected clients to become out of sync over a longer period of time.\n(CVE-2015-7979)\n\nA flaw was found in the way the ntpq client certain processed incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance.\n(CVE-2015-8158)\n\nA flaw was found in ntpd that allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. (CVE-2016-4953)\n\n(Updated 2016-10-18: CVE-2016-4953 was fixed in this release but was not previously part of this errata.)", "edition": 13, "reporter": "Tenable", "published": "2016-02-10T00:00:00", "title": "Amazon Linux AMI : ntp (ALAS-2016-649)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2016-4953", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntpdate", "p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-649.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88661", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-649.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88661);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\", \"CVE-2016-4953\");\n script_xref(name:\"ALAS\", value:\"2016-649\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2016-649)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nA NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could use this flaw to crash the\nntpd process. (CVE-2015-7977)\n\nIt was found that NTP does not verify peer associations of symmetric\nkeys when authenticating packets, which might allow remote attackers\nto conduct impersonation attacks via an arbitrary trusted key.\n(CVE-2015-7974)\n\nA stack-based buffer overflow was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could use this flaw to crash the\nntpd process. (CVE-2015-7978)\n\nIt was found that when NTP is configured in broadcast mode, an\noff-path attacker could broadcast packets with bad authentication\n(wrong key, mismatched key, incorrect MAC, etc) to all clients. The\nclients, upon receiving the malformed packets, would break the\nassociation with the broadcast server. This could cause the time on\naffected clients to become out of sync over a longer period of time.\n(CVE-2015-7979)\n\nA flaw was found in the way the ntpq client certain processed incoming\npackets in a loop in the getresponse() function. A remote attacker\ncould potentially use this flaw to crash an ntpq client instance.\n(CVE-2015-8158)\n\nA flaw was found in ntpd that allows remote attackers to cause a\ndenial of service (ephemeral-association demobilization) by sending a\nspoofed crypto-NAK packet with incorrect authentication data at a\ncertain time. (CVE-2016-4953)\n\n(Updated 2016-10-18: CVE-2016-4953 was fixed in this release but was\nnot previously part of this errata.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-649.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-36.29.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:15", "references": ["https://bugzilla.suse.com/962966", "https://www.suse.com/security/cve/CVE-2015-7974.html", "https://www.suse.com/security/cve/CVE-2015-7975.html", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/956773", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://www.suse.com/security/cve/CVE-2015-5300.html", "https://bugzilla.suse.com/962784", "https://www.suse.com/security/cve/CVE-2015-7979.html", "https://www.suse.com/security/cve/CVE-2015-7977.html", "https://www.suse.com/security/cve/CVE-2015-7978.html", "https://bugzilla.suse.com/962988", "https://www.suse.com/security/cve/CVE-2015-8158.html", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/975981", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/962318", "https://www.suse.com/security/cve/CVE-2015-7976.html", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/962960", "http://www.nessus.org/u?62660ba3", "https://www.suse.com/security/cve/CVE-2015-8138.html", "https://bugzilla.suse.com/937837", "https://bugzilla.suse.com/962997", "https://www.suse.com/security/cve/CVE-2015-7973.html", "https://www.suse.com/security/cve/CVE-2015-8140.html", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/962994", "https://bugzilla.suse.com/963002", "https://www.suse.com/security/cve/CVE-2015-8139.html"], "pluginID": "90821", "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\nAlso yast2-ntp-client was updated to match some sntp syntax changes.\n(bsc#937837)\n\nThese security issues were fixed :\n\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).\n\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).\n\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).\n\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).\n\n - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).\n\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 16, "reporter": "Tenable", "published": "2016-05-02T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2018-07-31T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ntp-doc", "p-cpe:/a:novell:suse_linux:ntp-debugsource", "p-cpe:/a:novell:suse_linux:ntp-debuginfo", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2016-1177-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90821", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1177-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90821);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2018/07/31 17:27:55\");\n\n script_cve_id(\"CVE-2015-5300\", \"CVE-2015-7973\", \"CVE-2015-7974\", \"CVE-2015-7975\", \"CVE-2015-7976\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8139\", \"CVE-2015-8140\", \"CVE-2015-8158\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\nAlso yast2-ntp-client was updated to match some sntp syntax changes.\n(bsc#937837)\n\nThese security issues were fixed :\n\n - CVE-2015-8158: Fixed potential infinite loop in ntpq\n (bsc#962966).\n\n - CVE-2015-8138: Zero Origin Timestamp Bypass\n (bsc#963002).\n\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack\n on authenticated broadcast mode (bsc#962784).\n\n - CVE-2015-7978: Stack exhaustion in recursive traversal\n of restriction list (bsc#963000).\n\n - CVE-2015-7977: reslist NULL pointer dereference\n (bsc#962970).\n\n - CVE-2015-7976: ntpq saveconfig command allows dangerous\n characters in filenames (bsc#962802).\n\n - CVE-2015-7975: nextvar() missing length check\n (bsc#962988).\n\n - CVE-2015-7974: Skeleton Key: Missing key check allows\n impersonation between authenticated peers (bsc#962960).\n\n - CVE-2015-7973: Replay attack on authenticated broadcast\n mode (bsc#962995).\n\n - CVE-2015-8140: ntpq vulnerable to replay attacks\n (bsc#962994).\n\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose\n origin (bsc#962997).\n\n - CVE-2015-5300: MITM attacker could have forced ntpd to\n make a step larger than the panic threshold\n (bsc#951629).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/782060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/916617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/937837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/951559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/951629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/956773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/962997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/963000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/963002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/975496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/975981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7973.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7974.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7975.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7976.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7977.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7978.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7979.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8158.html\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161177-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62660ba3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-694=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-694=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-694=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debuginfo-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debugsource-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-doc-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p6-8.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p6-8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:13", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "src", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "noarch", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "ppc64", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "ppc64", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "ppc64", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "ppc64", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "s390x", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "s390x", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "s390x", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "s390x", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "noarch", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "noarch", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageName": "sntp", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "ppc64", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "ppc64", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "ppc64", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "ppc64", "packageName": "sntp", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "s390x", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "s390x", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "s390x", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "s390x", "packageName": "sntp", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n", "reporter": "RedHat", "published": "2016-01-25T05:00:00", "type": "redhat", "title": "(RHSA-2016:0063) Important: ntp security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:13", "id": "RHSA-2016:0063", "href": "https://access.redhat.com/errata/RHSA-2016:0063", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:18", "references": ["https://rhn.redhat.com/errata/RHSA-2016-0063.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7.centos.1", "arch": "any", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-22.el7.centos.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "i686", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6.centos.4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "i686", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-5.el6.centos.4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7.centos.1", "arch": "noarch", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-22.el7.centos.1.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7.centos.1", "arch": "x86_64", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-22.el7.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "x86_64", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-5.el6.centos.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7.centos.1", "arch": "x86_64", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-22.el7.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7.centos.1", "arch": "x86_64", "packageName": "sntp", "packageFilename": "sntp-4.2.6p5-22.el7.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7.centos.1", "arch": "noarch", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.6p5-22.el7.centos.1.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "x86_64", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6.centos.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "any", "packageName": "ntp", "packageFilename": "ntp-4.2.6p5-5.el6.centos.4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "noarch", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.6p5-5.el6.centos.4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "noarch", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.6p5-5.el6.centos.4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "i686", "packageName": "ntpdate", "packageFilename": "ntpdate-4.2.6p5-5.el6.centos.4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6.centos.4", "arch": "x86_64", "packageName": "ntp-perl", "packageFilename": "ntp-perl-4.2.6p5-5.el6.centos.4.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2016:0063\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/021623.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/021624.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\nsntp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0063.html", "edition": 1, "reporter": "CentOS Project", "published": "2016-01-25T14:27:37", "title": "ntp, ntpdate, sntp security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-25T15:08:59", "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/021623.html", "id": "CESA-2016:0063", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:04", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.x86_64.rpm", "packageName": "sntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "src", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.src.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.i686.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "noarch", "packageFilename": "ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "x86_64", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.i686.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "src", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.src.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "src", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.src.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "x86_64", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-22.el7_2.1", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-5.el6_7.4", "arch": "i686", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.i686.rpm", "packageName": "ntpdate", "operator": "lt"}], "description": "[4.2.6p5-5.el6_7.4]\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)", "edition": 3, "reporter": "Oracle", "published": "2016-01-25T00:00:00", "title": "ntp security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-25T00:00:00", "id": "ELSA-2016-0063", "href": "http://linux.oracle.com/errata/ELSA-2016-0063.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:48:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "i686", "packageFilename": "ntpdate-4.2.6p5-10.el6.i686.rpm", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "x86_64", "packageFilename": "ntp-4.2.6p5-10.el6.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-10.el6.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-10.el6.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "x86_64", "packageFilename": "ntpdate-4.2.6p5-10.el6.x86_64.rpm", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "i686", "packageFilename": "ntp-4.2.6p5-10.el6.i686.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "i686", "packageFilename": "ntp-perl-4.2.6p5-10.el6.i686.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "x86_64", "packageFilename": "ntp-perl-4.2.6p5-10.el6.x86_64.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "src", "packageFilename": "ntp-4.2.6p5-10.el6.src.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.2.6p5-10.el6", "arch": "src", "packageFilename": "ntp-4.2.6p5-10.el6.src.rpm", "packageName": "ntp", "operator": "lt"}], "description": "[4.2.6p5-10]\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)\n- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)\n[4.2.6p5-9]\n- fix crash with invalid logconfig command (CVE-2015-5194)\n- fix crash when referencing disabled statistic type (CVE-2015-5195)\n- don't hang in sntp with crafted reply (CVE-2015-5219)\n- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n- fix memory leak with autokey (CVE-2015-7701)\n- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)\n- don't crash in ntpq with crafted packet (CVE-2015-7852)\n- add option to set Differentiated Services Code Point (DSCP) (#1228314)\n- extend rawstats log (#1242895)\n- fix resetting of leap status (#1243034)\n- report clock state changes related to leap seconds (#1242937)\n- allow -4/-6 on restrict lines with mask (#1232146)\n- retry joining multicast groups (#1288534)\n- explain synchronised state in ntpstat man page (#1286969)\n[4.2.6p5-7]\n- check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)\n- allow only one step larger than panic threshold with -g (CVE-2015-5300)", "edition": 5, "reporter": "Oracle", "published": "2016-05-12T00:00:00", "title": "ntp security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7703", "CVE-2015-8138", "CVE-2015-7977", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7691", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7978"], "modified": "2016-05-12T00:00:00", "id": "ELSA-2016-0780", "href": "http://linux.oracle.com/errata/ELSA-2016-0780.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:05", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-25.0.1.el7", "arch": "x86_64", "packageFilename": "ntpdate-4.2.6p5-25.0.1.el7.x86_64.rpm", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-25.0.1.el7", "arch": "src", "packageFilename": "ntp-4.2.6p5-25.0.1.el7.src.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-25.0.1.el7", "arch": "x86_64", "packageFilename": "sntp-4.2.6p5-25.0.1.el7.x86_64.rpm", "packageName": "sntp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-25.0.1.el7", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-25.0.1.el7.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-25.0.1.el7", "arch": "noarch", "packageFilename": "ntp-perl-4.2.6p5-25.0.1.el7.noarch.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.2.6p5-25.0.1.el7", "arch": "x86_64", "packageFilename": "ntp-4.2.6p5-25.0.1.el7.x86_64.rpm", "packageName": "ntp", "operator": "lt"}], "description": "[4.2.6p5-25.0.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-25]\n- don't allow spoofed packet to enable symmetric interleaved mode\n (CVE-2016-1548)\n- check mode of new source in config command (CVE-2016-2518)\n- make MAC check resilient against timing attack (CVE-2016-1550)\n[4.2.6p5-24]\n- fix crash with invalid logconfig command (CVE-2015-5194)\n- fix crash when referencing disabled statistic type (CVE-2015-5195)\n- don't hang in sntp with crafted reply (CVE-2015-5219)\n- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n- fix memory leak with autokey (CVE-2015-7701)\n- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)\n- don't crash in ntpq with crafted packet (CVE-2015-7852)\n- check key ID in packets authenticated with symmetric key (CVE-2015-7974)\n- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)\n- don't allow spoofed packets to demobilize associations (CVE-2015-7979,\n CVE-2016-1547)\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)\n- fix infinite loop in ntpq/ntpdc (CVE-2015-8158)\n- fix resetting of leap status (#1242553)\n- extend rawstats log (#1242877)\n- report clock state changes related to leap seconds (#1242935)\n- allow -4/-6 on restrict lines with mask (#1304492)\n- explain synchronised state in ntpstat man page (#1309594)", "edition": 4, "reporter": "Oracle", "published": "2016-11-09T00:00:00", "title": "ntp security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2015-5219", "CVE-2013-5211", "CVE-2015-7979", "CVE-2015-7701", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-5195", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-11-09T00:00:00", "id": "ELSA-2016-2583", "href": "http://linux.oracle.com/errata/ELSA-2016-2583.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "talos": [{"lastseen": "2018-08-31T00:36:20", "references": [], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0077\n\n## Network Time Protocol Origin Timestamp Check Impersonation Vulnerability\n\n##### January 19, 2016\n\n##### CVE Number\n\nCVE-2015-8138\n\nCERT VU#357792\n\n### Summary\n\nTo distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in an incoming packet matches the transmit timestamp it transmitted in its last request. A logic error exists that allows packets with an origin timestamp of zero to bypass this check whenever there is not an outstanding request to the server.\n\nIt appears this defect applies to all modes except interleaved and broadcast modes and was introduced in version 4.2.5p179.\n\n### Tested Versions\n\nntp 4.2.8p3 \nNTPsec aa48d001683e5b791a743ec9c575aaf7d867a2b0c\n\n### Product URLs\n\n<http://www.ntp.org> \n<http://www.ntpsec.org/>\n\n### CVSS Score\n\nCVSSv2: 5.0 - AV:N/AC:L/Au:N/C:N/I:P/A:N \nCVSSv3: 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n\n### Details\n\nreceive() in ntp_proto.c contains the following sanity check for the origin timestamp when running in basic mode:\n \n \n if (!L_ISEQU(&p_org, &peer->aorg)) {\n peer->bogusorg++;\n peer->flash |= TEST2; /* bogus */\n if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,\n &peer->dst)) {\n peer->flip = 1;\n report_event(PEVNT_XLEAVE, peer, NULL);\n }\n } else {\n L_CLR(&peer->aorg);\n }\n \n\nIf the incoming origin timestamp is not equal to the stored origin timestamp in the peer structure, the packet is marked as bogus and will be ignored. If the origin timestamp matches the saved origin timestamp in the peer structure, the origin timestamp in the peer structure is zeroed out.\n\nThis means an attacker can spoof the peer server and send a time update with a zero origin timestamp. The client will check that incoming timestamp against the one stored in the peer, which is zero. The timestamps will match and the client will process the incoming packet for time. The client is not in a state in which it is expecting a reply from the server, but it processes it anyway.\n\nWe have successfully used this vulnerability to force a client to move its time. Our proof-of-concept requires no authentication or special access and works for any client configured in basic mode.\n\nWe can maintain the client at our spoofed time by sending regular updates, every 5 seconds for example, enough to overcome the real server time updates in the clock selection process. The client will oscillate between the peered and rejected state with the peer since it is receiving drastically different times between the spoofed and real packets.\n\nIn order to be considered for clock selection, we have to ensure that the measured dispersion and delay for our packets are low. We achieve this by setting the receive timestamp to the offset value by which we want to move the clock for the initial time change. For example, to move the clock 20 years forward we set the transmit timestamp to (current time + 630720000) and the receive timestamp to 630720000. We also must set the precision to -128 to minimize the dispersion. Once the time has changed, we can maintain that spoofed time by changing receive to zero and keeping transmit the same. This keeps the delay low enough to be considered in clock selection.\n\nAdditionally, even when the update has too large of an offset or too big of a delay to win the clock selection, we can at least use the zero origin timestamp to make a client ignore real time updates in some instances by forcing the client to think a real server update is a popcorn spike.\n\n### Recommended Fix\n\nIdeally, the client would not process any packet from a peer if it did not have an active request out.\n\n### Timeline\n\n2015-10-16 - Vendor Disclosure \n2016-01-19 - Public Release\n\n##### Credit\n\nMatthew Van Gundy and Jonathan Gardner\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0078\n\nPrevious Report\n\nTALOS-2016-0076\n", "edition": 9, "reporter": "Talos Intelligence", "published": "2016-01-19T00:00:00", "title": "Network Time Protocol Origin Timestamp Check Impersonation Vulnerability", "type": "talos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-19T00:00:00", "id": "TALOS-2016-0077", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0077", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:36:40", "references": [], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0078\n\n## Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability\n\n##### January 19, 2016\n\n##### CVE Number\n\nCVE-2015-8139\n\nCERT VU#357792\n\n### Summary\n\nTo prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will know the value of the transmit timestamp, this prevents an attacker from forging replies.\n\nUnfortunately, ntpq and ntpdc will disclose the value of the origin timestamp expected in the next peer response to any clients that are authorized to make ntpq (respectively ntpdc) queries.\n\nThis vulnerability appears to have been present in ntpd since, at least, 4.0.94 of May 1999. It appears in the earliest commit in the NTP project git repository.\n\n### Tested Versions\n\nntp 4.2.8p3 \nNTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92\n\n### Product URLs\n\n<http://www.ntp.org> \n<http://www.ntpsec.org/>\n\n### CVSS Score\n\nCVSSv2: 5.0 - AV:N/AC:L/Au:N/C:P/I:N/A:N \nCVSSv3: 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n\n### Details\n\nHere is an example from ntpq:\n \n \n ntpq> peer\n remote refid st t when poll reach delay offset jitter\n ==============================================================================\n *server .LOCL. 1 u 69 64 76 0.525 35.063 23.483\n ntpq> as\n \n ind assid status conf reach auth condition last_event cnt\n ===========================================================\n 1 43286 965a yes yes none sys.peer sys_peer 5\n ntpq> rv 43286 org\n org=d9c79a63.b05e631b Tue, Oct 13 2015 14:57:39.688\n \n\nHere is an example from ntpdc:\n \n \n ntpdc> showpeer 192.168.33.10\n remote 192.168.33.10, local 192.168.33.11\n ...\n reference time: d9c79a0e.1ef70a98 Tue, Oct 13 2015 14:56:14.120\n originate timestamp: d9c79a63.b05e631b Tue, Oct 13 2015 14:57:39.688\n receive timestamp: d9c79a20.b9d5ee3d Tue, Oct 13 2015 14:56:32.725\n transmit timestamp: d9c79a20.b9d5ee3d Tue, Oct 13 2015 14:56:32.725\n \n\nFor associations that do not employ authentication, response packets are only authenticated using the packet source address and the expected origin timestamp. The necessary ntpq and ntpdc commands do not require authentication. As a result, an unauthenticated off-path attacker that can spoof the source address of a remote peer can forge responses from that peer using this vulnerability.\n\nThere is an interplay between this vulnerability and the 0rigin (zero origin) vulnerability (CVE-2015-8138). Because the 0rigin vulnerability resets the expected origin timestamp from live servers to zero when a response with the correct origin timestamp is received, forging responses from live servers is trivial. This vulnerability gives attackers the additional power to forge responses from unreachable peers and symmetric peers.\n\n### Mitigation\n\nThe peer origin variable is read via ntpq (mode 6) packets with a non-zero association id, opcode equal to READVAR (2), and the variable name \"org\".\n\nIt can also be read with ntpdc (mode 7) packets with a request code of PEER_INFO (2).\n\nThis vulnerability can be mitigated by adding the `noquery` option to all restrict entries as in:\n \n \n restrict -4 default noquery ...\n restrict -6 default noquery ...\n restrict 127.0.0.1 noquery ...\n restrict ::1 noquery ...\n \n\nWARNING: Common configurations allow local users to send ntpq and ntpdc requests to the local ntpd using permissive restrict entries. This will allow malicious, unprivileged, local users to discover the value of the origin timestamp necessary to spoof responses from ntpd peers. Therefore, we DO NOT recommend the common practice of allowing queries from localhost.\n\nUnfortunately, despite the impression given by NTP's documentation, the `notrust` restrict option CANNOT be used to mitigate this vulnerability because it DOES NOT have any effect on ntpq and ntpdc requests.\n\n### Timeline\n\n2015-10-16 - Vendor Disclosure \n2016-01-19 - Public Release\n\n##### Credit\n\nMatthew Van Gundy\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0079\n\nPrevious Report\n\nTALOS-2016-0077\n", "edition": 9, "reporter": "Talos Intelligence", "published": "2016-01-19T00:00:00", "title": "Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability", "type": "talos", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-8138", "CVE-2015-8139"], "modified": "2016-01-19T00:00:00", "id": "TALOS-2016-0078", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0078", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:36:20", "references": [], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0260\n\n## Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability\n\n##### March 29, 2017\n\n##### CVE Number\n\nCVE-2016-9042\n\n### Summary\n\nAn exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.\n\n### Tested Versions\n\nNTP 4.2.8p9\n\n### Product URLs\n\nhttp://www.ntp.org\n\n### CVSSv3 Score\n\nCVSSv2: 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3: 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n\n### Details\n\nIn most modes, NTP prevents spoofing by off-path attackers by verifying that the origin timestamp of an incoming NTP packet matches the transmit timestamp on the daemon's last outgoing packet --- using the transmit and origin timestamps as a per-request nonce. This test described in RFC 5905 and dubbed `TEST2` in ntpd's source code. To prevent an NTP daemon from accepting responses to duplicated request packets, RFC 5095 also specifies that the expected origin timestamp should be set to zero after successfully validating the origin timestamp of an incoming packet. Unfortunately, ntpd releases before 4.2.8p9 did not correctly reject incoming packets bearing a zero origin timestamp. This allowed a trivial bypass of TEST2, the origin timestamp check, by setting the origin timestamp on spoofed packets equal to zero (CVE-2015-8138,CVE-2016-7431).\n\nntp-4.2.8p9 fixes CVE-2015-8138 by rejecting packets with zero origin timestamps in all modes where that is not expected legitimate behavior. However, for reasons unknown, before rejecting a packet bearing a zero origin timestamp, ntp-4.2.8p9 clears the expected origin timestamp (peer->aorg) as can be seen in the following abstracted code:\n \n \n if (0) {\n } else if (L_ISZERO(&p_org)) {\n char *action;\n \n L_CLR(&peer->aorg);\n ...\n peer->bogusorg++;\n peer->flash |= TEST2; /* bogus */\n ... /* packet will be dropped */\n } else if (!L_ISEQU(&p_org, &peer->aorg)) {\n peer->bogusorg++;\n peer->flash |= TEST2; /* bogus */\n ... /* packet will be dropped */\n } else {\n L_CLR(&peer->aorg);\n }\n \n\nThis leads to a trivial denial of service. An unauthenticated network attacker who knows the address of one of the peers of a victim ntpd process can send the victim ntpd spoofed packets with the source address of the peer and a zero origin timestamp in order to reset peer->aorg for that peer. This will cause the next packet sent from the peer to fail the origin timestamp check (TEST2) and be dropped. The attacker can repeat this each poll period for all known peers in order to prevent their packets from being accepted by the victim ntpd.\n\nThis attack is very effective against symmetric associations where the duration between an outgoing packet from the victim ntpd and its \"response\" will be on the order of seconds to minutes. The attack is more difficult for client-server associations where the request-response window is likely to be on the order of milliseconds. However, if the attacker can observe the victim ntpd's request packet, it can attempt to race the remote peer's legitimate response.\n\nAn attacker can learn the currently selected peer of a victim ntpd process by sending the victim a client mode request and reading the peer's address from the refid field of the victim's response. This allows the attacker to target the currently selected peer one at a time until it has learned and targeted all peers of the victim ntpd process. If the victim allows NTP control queries or the attacker can observe the victim's NTP traffic, the attacker can easily learn all the victim's peers.\n\nThe call to L_CLR(&peer->aorg) when a zero-origin timestamp packet is received appears unnecessary and should be removed. To see that clearing peer->aorg is unnecessary, let's consider the operation of each NTP mode in turn after omitting the L_CLR(&peer->aorg):\n\n * Client-Server: Servers are stateless, so the change has no effect on them. Clients should not be sending requests with zero transmit timestamps and, therefore, should not be receiving responses with zero origin timestamps. Thus, removing the L_CLR(&peer->aorg) should have no effect on legitimate client-server behavior.\n\n * Broadcast: Broadcast packets are handled separately and thus are not influenced by the behavior of this code.\n\n * Symmetric (Active and Passive): When two symmetric peers are synchronized to a legitimate time source (0 < stratum < 16) and the association between them is fully operational, the origin timestamp on incoming packets will be non-zero and equal to peer->aorg, thus avoiding the L_CLR(&peer->aorg). The interesting cases occur when there is packet loss or one peer resets their association (e.g. ntpd is restarted).\n\nWithout loss of generality, let A be the sender and B the recipient of the first packet with pkt->org != peer->aorg. If A reset its association with B, pkt->org == 0. Otherwise, pkt->org != 0 && pkt->org != peer->aorg. In either case, B will mark the packet as having failed TEST2. However, if the packet is authenticated correctly for the association, B will update peer->xmt = pkt->xmt before rejecting the packet due to failing TEST2. In B's next packet to A, it will set pkt->org = peer->xmt and peer->aorg = pkt->xmt, ensuring that the packet will pass TEST2 at A, causing it to be accepted by A, and overwriting any previous value of peer->aorg at B. A will update its peer variables for B as well, ensuring that A's next packet will be accepted by B. From this point on, the symmetric association between A and B has successfully resynchronized.\n\nThus, we see that recovery from packet loss or peer restart is not hampered by allowing peer->aorg to maintain its previous value when a packet with a zero origin timestamp is received. Further to the point, ntpd versions prior to ntp-4.2.8p6 did not clear peer->aorg upon receipt of a packet bearing a zero origin timestamp.\n\n### Mitigation\n\nThe only ntpd-based mitigations for this vulnerability are to try to make it harder for an attacker to guess the peers of ntpd instances and to monitor ntpd logs for messages such as the following:\n \n \n ntpd[16767]: receive: Drop 0 origin timestamp from sym_active@192.168.33.12 xmt 0xdbe84918.63324800\n \n ntpd[16767]: receive: Unexpected origin timestamp 0xdbe849a1.279a6fea does not match aorg 0000000000.00000000 from sym_active@192.168.33.12 xmt 0xdbe849a4.52a12e3a\n \n\nAll ntpd instances should be configured to block control queries from untrusted servers. This is best practice.\n\nAll ntpd clients should block all incoming traffic that does not originate from a known peer address. This can be accomplished with a stateful firewall.\n\nBecause peer->aorg is cleared before authentication is enforced, enabling NTP authentication does not prevent exploitation of this vulnerability.\n\n### Timeline\n\n2017-01-04 - Vendor Disclosure \n2017-03-29 - Public Release \n\n\n##### Credit\n\nDiscovered by Matthew Van Gundy of Cisco ASIG.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0230\n\nPrevious Report\n\nTALOS-2017-0269\n", "edition": 13, "reporter": "Talos Intelligence", "published": "2017-03-29T00:00:00", "title": "Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability", "type": "talos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-8138", "CVE-2016-9042", "CVE-2016-7431"], "modified": "2017-03-29T00:00:00", "id": "TALOS-2016-0260", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:36:32", "references": [], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0203\n\n## Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability\n\n##### November 21, 2016\n\n##### CVE Number\n\nCVE-2016-9310\n\n### Summary\n\nAn exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.\n\n### Tested Versions\n\nNTP 4.2.8p3 \nNTP 4.2.8p8 \nNTPsec 0.9.1 \nNTPsec 0.9.3\n\n### Product URLs\n\nhttp://www.ntp.org \nhttp://www.ntpsec.org/\n\n### CVSS Scores\n\nCVSSv2: 6.4 - (AV:N/AC:L/Au:N/C:P/I:P/A:N) \nCVSSv3: 6.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\n\n### Details\n\nntpd provides a `trap` functionality that sends asynchronous notifications to a number of `trap receivers` whenever an event of interest occurs. Example events of interest include: association mobilization and demobilization, authentication failures, reachability changes, etc.\n\nSince at least ntp-4.0.94 (July 21, 1999), ntpd has allowed traps to be configured via control (mode 6) and private (mode 7) NTP modes. Though private mode requires messages modifying trap settings to be be authenticated, control mode allows unauthenticated packets to modify trap settings using the `SETTRAP` and `UNSETTRAP` control messages.\n\nThis vulnerability can be used to achieve several goals:\n\n * Time Shifting: If an attacker controls a host that is allowed to receive traps (i.e. not restricted by `restrict noquery` or `restrict notrap`), the attacker can instruct a victim ntpd instance to send traps to the attacker's host. Whenever a reportable event occurs for some peer, the victim ntpd will send a trap to the attacker leaking all the peer variables associated with that peer. The information leaked includes the peer's org and rec variables allowing the attacker to bypass TEST2 and impersonate said peer in a manner similar to CVE-2015-8139 and CVE-2016-1548.\n\nThe attacker can force the victim ntpd to leak the information for any peer at any time by triggering a reportable event for said peer. There are multiple methods to trigger a reportable event for a peer, among them spoofing an invalid crypto-NAK or incorrectly authenticated packet from the peer.\n\nNOTE: With ntp-4.2.8p8 and earlier the 0rigin attack (CVE-2015-8138) [1] already allows impersonation of reachable peers. In those ntpd versions, this vulnerability provides another method for impersonating unreachable peers.\n\n * DDoS Amplification: An attacker can use an ntpd instance as a DDoS amplifier to DDoS hosts that are allowed to receive traps from the ntpd instance using the following technique. The amplification factor is 12-13x.\n\nThe attacker forges a `SETTRAP` packet from the `victim` to the `amplifier`, causing the `amplifier` to set a trap for the `victim`. The attacker then repeatedly triggers reportable events causing trap messages to be sent to the victim. E.g. the attacker rapidly forges invalid crypto-NAKs and/or bad_auth packets from the `victim`'s `sys_peer`.\n\nntpd attempts to limit the number of consecutive traps sent for events of a single type. To maximize effect, the attacker can alternate between events of different types.\n\nntpd will periodically time out old traps when a new one is set. Therefore, for a long-term attack, the attacker may need to periodically refresh the trap on the `amplifier`.\n\n * Evading Monitoring: In an environment where dynamically configured traps are used to modify an ntpd instance, an unauthenticated attacker can remove traps set by legitimate monitoring systems by spoofing the source address of the `trap receiver` in an `UNSETTRAP` message.\n\nAuthentication should be required in order to modify trap configuration.\n\n### Mitigation\n\nSeveral mitigations can lessen the impact of this vulnerability.\n\n 1. Unauthorized hosts can be prevented from receiving traps using the `restrict default notrap` restriction. This setting is the default on many modern Linux systems.\n\nThis mitigation has no effect on the \"Evading Monitoring\" impact described above because the alleged sender of the packet is an authorized trap receiver.\n\n 2. Block NTP control mode trap configuration commands using a firewall or IPS. It does not appear that support for configuring control mode traps was ever implemented in ntpq, the reference NTP control mode client. As such, on most networks blocking control mode trap configuration commands should have no effect on legitimate traffic. Specifically, firewalls should block packets with the following characteristics:\n\n * UDP Destination Port: 123\n * NTP Mode: 6\n * NTP Control Operation Code: 6 (SETTRAP) or 31 (UNSETTRAP)\n\nTraps specified in ntp.conf cannot be modified using this vulnerability.\n\n[1] http://www.talosintelligence.com/reports/TALOS-2016-0077/\n\n### Timeline\n\n2016-09-20 - Vendor Disclosure \n2016-11-21 - Public Release\n\n##### Credit\n\nDiscovered by Matthew Van Gundy of Cisco ASIG.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0131\n\nPrevious Report\n\nTALOS-2016-0204\n", "edition": 9, "reporter": "Talos Intelligence", "published": "2016-11-21T00:00:00", "title": "Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability", "type": "talos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-1548", "CVE-2015-8138", "CVE-2015-8139", "CVE-2016-9310"], "modified": "2016-11-21T00:00:00", "id": "TALOS-2016-0203", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0203", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T12:01:00", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "### Summary\r\nAn exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.\r\n\r\n### Tested Versions\r\nNTP 4.2.8p9\r\n\r\n### Product URLs\r\nhttp://www.ntp.org\r\n\r\n### CVSSv3 Score\r\nCVSSv2: 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3: 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\r\n\r\n### Details\r\nIn most modes, NTP prevents spoofing by off-path attackers by verifying that the origin timestamp of an incoming NTP packet matches the transmit timestamp on the daemon's last outgoing packet --- using the transmit and origin timestamps as a per-request nonce. This test described in RFC 5905 and dubbed TEST2 in ntpd's source code. To prevent an NTP daemon from accepting responses to duplicated request packets, RFC 5095 also specifies that the expected origin timestamp should be set to zero after successfully validating the origin timestamp of an incoming packet. Unfortunately, ntpd releases before 4.2.8p9 did not correctly reject incoming packets bearing a zero origin timestamp. This allowed a trivial bypass of TEST2, the origin timestamp check, by setting the origin timestamp on spoofed packets equal to zero (CVE-2015-8138,CVE-2016-7431).\r\n\r\nntp-4.2.8p9 fixes CVE-2015-8138 by rejecting packets with zero origin timestamps in all modes where that is not expected legitimate behavior. However, for reasons unknown, before rejecting a packet bearing a zero origin timestamp, ntp-4.2.8p9 clears the expected origin timestamp (peer->aorg) as can be seen in the following abstracted code:\r\n```\r\nif (0) {\r\n} else if (L_ISZERO(&p_org)) {\r\n char *action;\r\n\r\n L_CLR(&peer->aorg);\r\n ...\r\n peer->bogusorg++;\r\n peer->flash |= TEST2; /* bogus */\r\n ... /* packet will be dropped */\r\n} else if (!L_ISEQU(&p_org, &peer->aorg)) {\r\n peer->bogusorg++;\r\n peer->flash |= TEST2; /* bogus */\r\n ... /* packet will be dropped */\r\n} else {\r\n L_CLR(&peer->aorg);\r\n}\r\n```\r\n\r\nThis leads to a trivial denial of service. An unauthenticated network attacker who knows the address of one of the peers of a victim ntpd process can send the victim ntpd spoofed packets with the source address of the peer and a zero origin timestamp in order to reset peer->aorg for that peer. This will cause the next packet sent from the peer to fail the origin timestamp check (TEST2) and be dropped. The attacker can repeat this each poll period for all known peers in order to prevent their packets from being accepted by the victim ntpd.\r\n\r\nThis attack is very effective against symmetric associations where the duration between an outgoing packet from the victim ntpd and its \"response\" will be on the order of seconds to minutes. The attack is more difficult for client-server associations where the request-response window is likely to be on the order of milliseconds. However, if the attacker can observe the victim ntpd's request packet, it can attempt to race the remote peer's legitimate response.\r\n\r\nAn attacker can learn the currently selected peer of a victim ntpd process by sending the victim a client mode request and reading the peer's address from the refid field of the victim's response. This allows the attacker to target the currently selected peer one at a time until it has learned and targeted all peers of the victim ntpd process. If the victim allows NTP control queries or the attacker can observe the victim's NTP traffic, the attacker can easily learn all the victim's peers.\r\n\r\nThe call to LCLR(&peer->aorg) when a zero-origin timestamp packet is received appears unnecessary and should be removed. To see that clearing peer->aorg is unnecessary, let's consider the operation of each NTP mode in turn after omitting the LCLR(&peer->aorg):\r\n\r\n* Client-Server: Servers are stateless, so the change has no effect on them. Clients should not be sending requests with zero transmit timestamps and, therefore, should not be receiving responses with zero origin timestamps. Thus, removing the L_CLR(&peer->aorg) should have no effect on legitimate client-server behavior.\r\n* Broadcast: Broadcast packets are handled separately and thus are not influenced by the behavior of this code.\r\n* Symmetric (Active and Passive): When two symmetric peers are synchronized to a legitimate time source (0 < stratum < 16) and the association between them is fully operational, the origin timestamp on incoming packets will be non-zero and equal to peer->aorg, thus avoiding the L_CLR(&peer->aorg). The interesting cases occur when there is packet loss or one peer resets their association (e.g. ntpd is restarted).\r\n\r\n\r\nWithout loss of generality, let A be the sender and B the recipient of the first packet with pkt->org != peer->aorg. If A reset its association with B, pkt->org == 0. Otherwise, pkt->org != 0 && pkt->org != peer->aorg. In either case, B will mark the packet as having failed TEST2. However, if the packet is authenticated correctly for the association, B will update peer->xmt = pkt->xmt before rejecting the packet due to failing TEST2. In B's next packet to A, it will set pkt->org = peer->xmt and peer->aorg = pkt->xmt, ensuring that the packet will pass TEST2 at A, causing it to be accepted by A, and overwriting any previous value of peer->aorg at B. A will update its peer variables for B as well, ensuring that A's next packet will be accepted by B. From this point on, the symmetric association between A and B has successfully resynchronized.\r\n\r\nThus, we see that recovery from packet loss or peer restart is not hampered by allowing peer->aorg to maintain its previous value when a packet with a zero origin timestamp is received. Further to the point, ntpd versions prior to ntp-4.2.8p6 did not clear peer->aorg upon receipt of a packet bearing a zero origin timestamp.\r\n\r\n### Mitigation\r\nThe only ntpd-based mitigations for this vulnerability are to try to make it harder for an attacker to guess the peers of ntpd instances and to monitor ntpd logs for messages such as the following:\r\n```\r\nntpd[16767]: receive: Drop 0 origin timestamp from sym_active@192.168.33.12 xmt 0xdbe84918.63324800\r\n\r\nntpd[16767]: receive: Unexpected origin timestamp 0xdbe849a1.279a6fea does not match aorg 0000000000.00000000 from sym_active@192.168.33.12 xmt 0xdbe849a4.52a12e3a\r\n```\r\nAll ntpd instances should be configured to block control queries from untrusted servers. This is best practice.\r\n\r\nAll ntpd clients should block all incoming traffic that does not originate from a known peer address. This can be accomplished with a stateful firewall.\r\n\r\nBecause peer->aorg is cleared before authentication is enforced, enabling NTP authentication does not prevent exploitation of this vulnerability.\r\n### Timeline\r\n* 2017-01-04 - Vendor Disclosure\r\n* 2017-03-29 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Matthew Van Gundy of Cisco ASIG.", "reporter": "Root", "published": "2017-09-20T00:00:00", "type": "seebug", "title": "Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8138", "CVE-2016-7431", "CVE-2016-9042"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-09-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96543", "id": "SSV:96543", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "", "status": "cve,details"}, {"lastseen": "2017-11-19T12:15:06", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "### Summary\r\nAn exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.\r\n\r\n### Tested Versions\r\n* NTP 4.2.8p3\r\n* NTP 4.2.8p8\r\n* NTPsec 0.9.1\r\n* NTPsec 0.9.3\r\n\r\n### Product URLs\r\n* http://www.ntp.org\r\n* http://www.ntpsec.org/\r\n\r\n### CVSS Scores\r\n* CVSSv2: 6.4 - (AV:N/AC:L/Au:N/C:P/I:P/A:N)\r\n* CVSSv3: 6.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\r\n\r\n### Details\r\nntpd provides a `trap` functionality that sends asynchronous notifications to a number of `trap receivers` whenever an event of interest occurs. Example events of interest include: association mobilization and demobilization, authentication failures, reachability changes, etc.\r\n\r\nSince at least ntp-4.0.94 (July 21, 1999), ntpd has allowed traps to be configured via control (mode 6) and private (mode 7) NTP modes. Though private mode requires messages modifying trap settings to be be authenticated, control mode allows unauthenticated packets to modify trap settings using the `SETTRAP` and `UNSETTRAP` control messages.\r\n\r\nThis vulnerability can be used to achieve several goals:\r\n\r\n* Time Shifting: If an attacker controls a host that is allowed to receive traps (i.e. not restricted by `restrict noquery` or `restrict notrap`), the attacker can instruct a victim ntpd instance to send traps to the attacker's host. Whenever a reportable event occurs for some peer, the victim ntpd will send a trap to the attacker leaking all the peer variables associated with that peer. The information leaked includes the peer's org and rec variables allowing the attacker to bypass TEST2 and impersonate said peer in a manner similar to CVE-2015-8139 and CVE-2016-1548.\r\nThe attacker can force the victim ntpd to leak the information for any peer at any time by triggering a reportable event for said peer. There are multiple methods to trigger a reportable event for a peer, among them spoofing an invalid crypto-NAK or incorrectly authenticated packet from the peer.\r\nNOTE: With ntp-4.2.8p8 and earlier the 0rigin attack (CVE-2015-8138) [1] already allows impersonation of reachable peers. In those ntpd versions, this vulnerability provides another method for impersonating unreachable peers.\r\n\r\n* DDoS Amplification: An attacker can use an ntpd instance as a DDoS amplifier to DDoS hosts that are allowed to receive traps from the ntpd instance using the following technique. The amplification factor is 12-13x.\r\n\r\nThe attacker forges a `SETTRAP` packet from the `victim` to the `amplifier`, causing the `amplifier` to set a trap for the `victim`. The attacker then repeatedly triggers reportable events causing trap messages to be sent to the victim. E.g. the attacker rapidly forges invalid crypto-NAKs and/or bad_auth packets from the `victim`'s `sys_peer`.\r\nntpd attempts to limit the number of consecutive traps sent for events of a single type. To maximize effect, the attacker can alternate between events of different types.\r\nntpd will periodically time out old traps when a new one is set. Therefore, for a long-term attack, the attacker may need to periodically refresh the trap on the `amplifier`.\r\nEvading Monitoring: In an environment where dynamically configured traps are used to modify an ntpd instance, an unauthenticated attacker can remove traps set by legitimate monitoring systems by spoofing the source address of the `trap receiver` in an `UNSETTRAP` message.\r\n\r\nAuthentication should be required in order to modify trap configuration.\r\n\r\n### Mitigation\r\nSeveral mitigations can lessen the impact of this vulnerability.\r\n\r\n1. Unauthorized hosts can be prevented from receiving traps using the `restrict default notrap` restriction. This setting is the default on many modern Linux systems.\r\nThis mitigation has no effect on the \"Evading Monitoring\" impact described above because the alleged sender of the packet is an authorized trap receiver.\r\n2. Block NTP control mode trap configuration commands using a firewall or IPS. It does not appear that support for configuring control mode traps was ever implemented in ntpq, the reference NTP control mode client. As such, on most networks blocking control mode trap configuration commands should have no effect on legitimate traffic. Specifically, firewalls should block packets with the following characteristics:\r\n\t* UDP Destination Port: 123\r\n\t* NTP Mode: 6\r\n\t* NTP Control Operation Code: 6 (SETTRAP) or 31 (UNSETTRAP)\r\n\r\nTraps specified in ntp.conf cannot be modified using this vulnerability.\r\n[1] http://www.talosintelligence.com/reports/TALOS-2016-0077/\r\n\r\n### Timeline\r\n* 2016-09-20 - Vendor Disclosure\r\n* 2016-11-21 - Public Release", "reporter": "Root", "published": "2017-10-11T00:00:00", "type": "seebug", "title": "Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8138", "CVE-2015-8139", "CVE-2016-1548", "CVE-2016-9310"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-10-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96647", "id": "SSV:96647", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}], "paloalto": [{"lastseen": "2018-08-31T00:11:40", "references": [], "description": "The open source ntp project has been found to contain several vulnerabilities (CVE-2015-8158, CVE-2015-8138, CVE-2015-7979, CVE-2015-7978, CVE-2015-7977, CVE-2015-7976, CVE-2015-7975, CVE-2015-7974, CVE-2015-7973, all released in January 2016). Palo Alto...\n", "edition": 3, "reporter": "Palo Alto Networks Product Security Incident Response Team", "published": "2016-08-15T00:00:00", "title": "NTP Vulnerabilities", "type": "paloalto", "enchantments": {"score": {"modified": "2018-08-31T00:11:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PAN-OS", "version": "7.1.3", "operator": "le"}, {"name": "PAN-OS", "version": "7.0.8", "operator": "le"}, {"name": "PAN-OS", "version": "6.1.12", "operator": "le"}, {"name": "PAN-OS", "version": "5.1.12", "operator": "le"}, {"name": "PAN-OS", "version": "6.0.1", "operator": "le"}, {"name": "PAN-OS", "version": "5.0.19", "operator": "le"}], "cvelist": ["CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-10-18T00:00:00", "id": "PAN-SA-2016-0019", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/52", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:10", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "i686", "packageFilename": "ntp-debuginfo-4.2.6p5-36.29.amzn1.i686.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "x86_64", "packageFilename": "ntp-4.2.6p5-36.29.amzn1.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "i686", "packageFilename": "ntp-4.2.6p5-36.29.amzn1.i686.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "x86_64", "packageFilename": "ntp-debuginfo-4.2.6p5-36.29.amzn1.x86_64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "noarch", "packageFilename": "ntp-doc-4.2.6p5-36.29.amzn1.noarch.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "src", "packageFilename": "ntp-4.2.6p5-36.29.amzn1.src.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "i686", "packageFilename": "ntpdate-4.2.6p5-36.29.amzn1.i686.rpm", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "noarch", "packageFilename": "ntp-perl-4.2.6p5-36.29.amzn1.noarch.rpm", "packageName": "ntp-perl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.2.6p5-36.29.amzn1", "arch": "x86_64", "packageFilename": "ntpdate-4.2.6p5-36.29.amzn1.x86_64.rpm", "packageName": "ntpdate", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. ([CVE-2015-8138 __](<https://access.redhat.com/security/cve/CVE-2015-8138>))\n\nA NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. ([CVE-2015-7977 __](<https://access.redhat.com/security/cve/CVE-2015-7977>))\n\nIt was found that NTP does not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key. ([CVE-2015-7974 __](<https://access.redhat.com/security/cve/CVE-2015-7974>))\n\nA stack-based buffer overflow was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. ([CVE-2015-7978 __](<https://access.redhat.com/security/cve/CVE-2015-7978>))\n\nIt was found that when NTP is configured in broadcast mode, an off-path attacker could broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server. This could cause the time on affected clients to become out of sync over a longer period of time. ([CVE-2015-7979 __](<https://access.redhat.com/security/cve/CVE-2015-7979>))\n\nA flaw was found in the way the ntpq client certain processed incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. ([CVE-2015-8158 __](<https://access.redhat.com/security/cve/CVE-2015-8158>))\n\nA flaw was found in ntpd that allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. ([CVE-2016-4953 __](<https://access.redhat.com/security/cve/CVE-2016-4953>))\n\n(Updated 2016-10-18: [CVE-2016-4953 __](<https://access.redhat.com/security/cve/CVE-2016-4953>) was fixed in this release but was not previously part of this errata.)\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntp-4.2.6p5-36.29.amzn1.i686 \n ntpdate-4.2.6p5-36.29.amzn1.i686 \n ntp-debuginfo-4.2.6p5-36.29.amzn1.i686 \n \n noarch: \n ntp-doc-4.2.6p5-36.29.amzn1.noarch \n ntp-perl-4.2.6p5-36.29.amzn1.noarch \n \n src: \n ntp-4.2.6p5-36.29.amzn1.src \n \n x86_64: \n ntpdate-4.2.6p5-36.29.amzn1.x86_64 \n ntp-4.2.6p5-36.29.amzn1.x86_64 \n ntp-debuginfo-4.2.6p5-36.29.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2016-10-18T12:15:00", "title": "Important: ntp", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:10", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138", "CVE-2016-4953", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-10-18T12:15:00", "id": "ALAS-2016-649", "href": "https://alas.aws.amazon.com/ALAS-2016-649.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cisco": [{"lastseen": "2018-02-03T06:00:24", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"], "description": "A vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nThe vulnerability is due to insufficient checking of the duplicate peers requested to be removed by the NTP Mode 7 'unconfig' command. A successful exploit could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nThe vulnerability is due to insufficient validation of the user supplied data. A successful exploit could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to cause out-of-bond references on the affected device.\n\nThe vulnerability is due to insufficient validation of the crafted packets carrying a illegal hmode value. A successful exploit could allow an authenticated, remote attacker to cause out-of-bond references on the affected device.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to change the values of trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted.\n\nThe vulnerability is due to insufficient validation of remote configuration trustedkey/requestkey values when the system is expressly configured to allow for remote configuration. A successful exploit could allow an authenticated, remote attacker to change the values of trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to modify the system clock on a targeted system.\n\nThe vulnerability is due to not enforcing the limit on the number of active ephemeral associations that may be created under a single key. A successful exploit could allow a malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win ntpd's clock selection algorithm and modify a victim's clock.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to brute force the message digest by guessing values and determining when the comparison function runs for a longer amount of time.\n\nThe vulnerability is due to susceptibility of the authentication process to brute force by a timing attack. A successful exploit could allow an unauthenticated, remote attacker to brute force the message digest by guessing values and determining when the comparison function runs for a longer amount of time.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to cause a preemptable client association to be removed.\n\nThe vulnerability is due to insufficient validation the pre-emptable client associations' authentication. A successful exploit could allow an unauthenticated, remote attacker to cause a preemptable client association to be removed.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to change an existing client/server association to an interleaved symmetric mode, allowing malicious actor can then control the time or deny access to the legitimate server.\n\nThe vulnerability is due to insufficient validation of the user supplied data. A successful exploit could allow an unauthenticated, remote attacker to change an existing client/server association to an interleaved symmetric mode, allowing malicious actor can then control the time or deny access to the legitimate server.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to inject the refclock source IP to the NTPd process and thus take over the system clock on a targeted system.\n\nThe vulnerability is due to insufficient checks of the source IP address of the incoming NTP packet by the affected software. An attacker could exploit this vulnerability by sending a crafted packet to a targeted system. A successful exploit could allow remote attacker to inject the refclock source IP to the NTPd process and thus take over the system clock on a targeted system\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to modify time settings on a targeted system.\n\nThe vulnerability is due to incorrect processing of NTP update packets. An attacker could exploit this vulnerability by sending crafted updates that contain an a zero-origin timestamp to the clients' peer server. An exploit could allow the attacker to modify the time values received by the client, preventing client systems from receiving further updates from its legitimately configured time server.\n\nA vulnerability in the Network Time Protocol daemon could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper validation of user-supplied input. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious requests to the targeted system.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.\n\nThe new vulnerabilities disclosed in this document are as follows:\n\n CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability\n CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability\n CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability\n CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks\n CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability\n CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd\n CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated\n CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC\n CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked\n\nThe two vulnerabilities that were previously disclosed without a complete fix are as follows:\n\n CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass\n CVE-2015-7704: Network Time Protocol Packet Processing Denial of Service Vulnerability\n\nThose vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:\n\n \n Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015[\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp\"]\n \n Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016[\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd\"]\n\nAdditional details about each vulnerability are in the NTP Consortium Security Notice[\"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security\"].\n\nCisco will release software updates that address these vulnerabilities.\n\nWorkarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.\n\nThis advisory is available at the following link: \n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd\"]", "reporter": "Cisco", "published": "2016-04-28T09:00:00", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Application and Content Networking System (ACNS) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Unity", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Access Registrar", "version": "any", "operator": "eq"}, {"name": "Cisco Emergency Responder", "version": "any", "operator": "eq"}, {"name": "Cisco IOS XR Software", "version": "any", "operator": "eq"}, {"name": "Cisco Unity Express", "version": "any", "operator": "eq"}, {"name": "Cisco NAC Appliance Software", "version": "any", "operator": "eq"}, {"name": "Intrusion Prevention System (IPS)", "version": "any", "operator": "eq"}, {"name": "Cisco ACE Application Control Engine Module", "version": "any", "operator": "eq"}, {"name": "Cisco Wide Area Application Services (WAAS)", "version": "any", "operator": "eq"}, {"name": "Cisco IP Interoperability and Collaboration System (IPICS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unity Connection", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence", "version": "any", "operator": "eq"}, {"name": "Cisco Physical Access Gateway", "version": "any", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "any", "operator": "eq"}, {"name": "Cisco Video Surveillance Media Server Software", "version": "any", "operator": "eq"}, {"name": "Cisco Digital Media Manager Software", "version": "any", "operator": "eq"}, {"name": "Cisco MeetingPlace Server", "version": "any", "operator": "eq"}, {"name": "Cisco Network Analysis Module (NAM) Software", "version": "any", "operator": "eq"}, {"name": "Cisco IronPort Encryption Appliance", "version": "any", "operator": "eq"}, {"name": "Cisco Network Admission Control Guest Server", "version": "any", "operator": "eq"}, {"name": "Cisco Show and Share", "version": "any", "operator": "eq"}, {"name": "Cisco Identity Services Engine Software", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence Video Communication Server (VCS)", "version": "any", "operator": "eq"}, {"name": "Cisco ASA CX Context-Aware Security Software", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Security Manager (PRSM)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Data Center Network Manager (DCNM)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime LAN Management Solution (LMS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Communications Domain Manager", "version": "any", "operator": "eq"}, {"name": "Cisco Content Security Management Appliance (SMA)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Infrastructure", "version": "any", "operator": "eq"}, {"name": "Cisco Connected Grid Network Management System (CG-NMS)", "version": "any", "operator": "eq"}, {"name": "Cisco WebEx Node for MCS", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System Central Software", "version": "any", "operator": "eq"}, {"name": "Cisco Enterprise Content Delivery System (ECDS)", "version": "any", "operator": "eq"}, {"name": "Cisco Virtualization Experience Media Engine", "version": "any", "operator": "eq"}, {"name": "Cisco MediaSense", "version": "any", "operator": "eq"}, {"name": "Cisco Unified SIP Proxy", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System Director", "version": "any", "operator": "eq"}, {"name": "Cisco Videoscape Distribution Suite Transparent Caching (VDS TC)", "version": "any", "operator": "eq"}, {"name": "Cisco Digital Content Manager (DCM) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Service Catalog", "version": "any", "operator": "eq"}, {"name": "Cisco Nexus 1000V Switch", "version": "any", "operator": "eq"}, {"name": "Cisco Application Policy Infrastructure Controller (APIC)", "version": "any", "operator": "eq"}, {"name": "Cisco Expressway", "version": "any", "operator": "eq"}, {"name": "Cisco Jabber Guest", "version": "any", "operator": "eq"}, {"name": "Cisco Visual Quality Experience", "version": "any", "operator": "eq"}, {"name": "Cisco Prime License Manager", "version": "any", "operator": "eq"}, {"name": "Cisco onePK All-in-One Virtual Machine", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Network Services Controller", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence ISDN Link", "version": "any", "operator": "eq"}, {"name": "Cisco Telepresence Conductor", "version": "any", "operator": "eq"}, {"name": "Cisco FireSIGHT System Software", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Collaboration Assurance", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Collaboration Provisioning", "version": "any", "operator": "eq"}, {"name": "Cisco Paging Server", "version": "any", "operator": "eq"}, {"name": "Cisco D9036 Modular Encoding Platform", "version": "any", "operator": "eq"}, {"name": "Cisco Videoscape Control Suite", "version": "any", "operator": "eq"}, {"name": "Cisco Small Business Video Surveillance Cameras Firmware", "version": "any", "operator": "eq"}, {"name": "Cisco Virtual Topology System (VTS)", "version": "any", "operator": "eq"}, {"name": "Cisco Nexus 3000 Series Switch", "version": "any", "operator": "eq"}, {"name": "Cisco Hosted Collaboration Mediation Fulfillment", "version": "any", "operator": "eq"}, {"name": "Cisco Cloud Services Platform 2100", "version": "any", "operator": "eq"}, {"name": "Cisco Registered Envelope Service", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2015-7704", "CVE-2015-8138", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1549", "CVE-2016-1550", "CVE-2016-1551", "CVE-2016-2516", "CVE-2016-2517", "CVE-2016-2518", "CVE-2016-2519"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2016-05-13T15:48:40", "id": "CISCO-SA-20160428-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-07T14:09:29", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"], "description": "A vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to modify the system clock on a targeted system.\n\nThe vulnerability is due to insufficient checks of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending a crafted packet to a targeted NTP client. A successful exploit could disable server synchronization, resulting in the ability to modify the system clock on the targeted client system.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow a local attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper initial sync calculations that are performed by the affected software. The vulnerability was introduced as the result of an attempt to fix NTP Bug 2085, involving a condition where the root delay was included twice, causing a higher than expected jitter value. Because of a misinterpretation of a small-print variable, a root distance would not include the peer dispersion. An attacker could exploit this vulnerability to cause a partial DoS condition on an affected system.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper handling of crafted packets by the affected software when the trap service is enabled. An attacker could exploit this vulnerability by sending crafted packets to a targeted system. An exploit could cause a NULL pointer dereference that could cause the ntpd service to crash, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to insufficient resource pooling when rate limiting for all associations is configured within the affected software. An attacker could exploit this vulnerability by sending crafted packets with a spoofed source address to the targeted system. An exploit could prevent the affected software from accepting valid responses from its configured sources, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied data by the affected software. An attacker could exploit the vulnerability by sending a malicious packet to a targeted system. A successful exploit could cause the ntpd to stop functioning, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied data by the affected software. An unauthenticated, remote attacker could exploit the vulnerability by sending a malicious packet to a targeted system. A successful exploit could cause the ntpd to stop functioning, resulting in a DoS condition.\n\nA vulnerability in the broadcast-mode, poll-interval enforcement functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper resource management by the affected software. An attacker who has access to the broadcast domain of a targeted system could exploit this vulnerability by injecting crafted, broadcast-mode NTP packets into the broadcast domain in which the targeted system resides. A successful exploit could cause the NTP daemon to reject broadcast-mode packets from legitimate broadcast servers, resulting in a DoS condition.\n\nA vulnerability in the broadcast-mode, replay prevention functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper resource management by the affected software. An attacker who has access to the broadcast domain of a targeted system could exploit this vulnerability by injecting crafted, broadcast-mode NTP packets into the broadcast domain in which the targeted system resides. A successful exploit could cause the NTP daemon to reject broadcast-mode packets from legitimate broadcast servers, resulting in a DoS condition.\n\nA vulnerability in the control mode (mode 6) functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper security restrictions that could lead to configuration modification. If the restrict default noquery best current practices recommendation for NTP is not specified, an attacker could exploit this vulnerability by sending a crafted control mode packet to an affected system. An exploit could allow the attacker to modify the affected software. The attacker could set ntpd traps, which could be leveraged to disclose sensitive information or aid in DDoS amplification. In addition, an attacker could unset ntpd traps, which could disable monitoring, resulting in a DoS condition.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.\n\nThe new vulnerabilities disclosed in this document are as follows:\n\nNetwork Time Protocol Trap Service Denial of Service Vulnerability\nNetwork Time Protocol Broadcast Mode Denial of Service Vulnerability\nNetwork Time Protocol Broadcast Mode Denial of Service Vulnerability\nNetwork Time Protocol Insufficient Resource Pool Denial of Service Vulnerability\nNetwork Time Protocol Configuration Modification Denial of Service Vulnerability\nNetwork Time Protocol mrulist Query Requests Denial of Service Vulnerability\nNetwork Time Protocol Multiple Binds to the Same Port Vulnerability\nNetwork Time Protocol Rate Limiting Denial of Service Vulnerability\n\nAs well as:\n\nRegression of CVE-2015-8138\nNetwork Time Protocol Reboot sync calculation problem\n Additional details about each vulnerability are in the NTP Consortium Security Notice [\"http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\"].\n\nWorkarounds that address one or more of these vulnerabilities may be available and are documented in the Cisco bug for each affected product.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd\"]", "reporter": "Cisco", "published": "2016-11-23T16:00:00", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Application and Content Networking System (ACNS) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Emergency Responder", "version": "any", "operator": "eq"}, {"name": "Cisco IOS XR Software", "version": "any", "operator": "eq"}, {"name": "Cisco Unity Express", "version": "any", "operator": "eq"}, {"name": "Cisco Wide Area Application Services (WAAS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified MeetingPlace", "version": "any", "operator": "eq"}, {"name": "Cisco IP Interoperability and Collaboration System (IPICS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unity Connection", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence", "version": "any", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "any", "operator": "eq"}, {"name": "Cisco Video Surveillance Media Server Software", "version": "any", "operator": "eq"}, {"name": "Cisco Digital Media Manager Software", "version": "any", "operator": "eq"}, {"name": "Cisco Network Analysis Module (NAM) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Show and Share", "version": "any", "operator": "eq"}, {"name": "Cisco Mobility Services Engine", "version": "any", "operator": "eq"}, {"name": "Cisco Identity Services Engine Software", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence Video Communication Server (VCS)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Data Center Network Manager (DCNM)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime LAN Management Solution (LMS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Communications Domain Manager", "version": "any", "operator": "eq"}, {"name": "Cisco Content Security Management Appliance (SMA)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Infrastructure", "version": "any", "operator": "eq"}, {"name": "Cisco Connected Grid Network Management System (CG-NMS)", "version": "any", "operator": "eq"}, {"name": "Cisco WebEx Node for MCS", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System Central Software", "version": "any", "operator": "eq"}, {"name": "Cisco Enterprise Content Delivery System (ECDS)", "version": "any", "operator": "eq"}, {"name": "Cisco Finesse", "version": "any", "operator": "eq"}, {"name": "Cisco SocialMiner", "version": "any", "operator": "eq"}, {"name": "Cisco MediaSense", "version": "any", "operator": "eq"}, {"name": "Cisco Unified SIP Proxy", "version": "any", "operator": "eq"}, {"name": "Cisco MXE 3500 (Media Experience Engine)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System Director", "version": "any", "operator": "eq"}, {"name": "Cisco Videoscape Distribution Suite Transparent Caching (VDS TC)", "version": "any", "operator": "eq"}, {"name": "Cisco Digital Content Manager (DCM) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Intelligence Center", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Service Catalog", "version": "any", "operator": "eq"}, {"name": "Cisco Nexus 1000V Switch", "version": "any", "operator": "eq"}, {"name": "Cisco Application Policy Infrastructure Controller (APIC)", "version": "any", "operator": "eq"}, {"name": "Cisco Expressway", "version": "any", "operator": "eq"}, {"name": "Cisco Jabber Guest", "version": "any", "operator": "eq"}, {"name": "Cisco Visual Quality Experience", "version": "any", "operator": "eq"}, {"name": "Cisco Prime License Manager", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence ISDN Link", "version": "any", "operator": "eq"}, {"name": "Cisco Telepresence Conductor", "version": "any", "operator": "eq"}, {"name": "Cisco FireSIGHT System Software", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Collaboration Provisioning", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Network", "version": "any", "operator": "eq"}, {"name": "Cisco Paging Server", "version": "any", "operator": "eq"}, {"name": "Cisco Nexus 3000 Series Switch", "version": "any", "operator": "eq"}, {"name": "Cisco Evolved Programmable Network Manager (EPNM)", "version": "any", "operator": "eq"}, {"name": "Cisco Policy Suite (CPS) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Hosted Collaboration Mediation Fulfillment", "version": "any", "operator": "eq"}, {"name": "Cisco Cloud Services Platform 2100", "version": "any", "operator": "eq"}, {"name": "Cisco Registered Envelope Service", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2015-8138", "CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2017-01-23T14:51:48", "id": "CISCO-SA-20161123-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-07-14T16:40:18", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"], "description": "A vulnerability in the Network Time Protocol daemon (ntpd) could allow an authenticated, remote attacker to leverage any trusted key, not just the trusted key for its address.\n\nThe vulnerability is exists because ntpd does not properly verify that the key being used matches the proper servers' key. An attacker could exploit this vulnerability by sending packets with any trusted key, as long as the keyid references another key the systems share and that key is used to compute the message authentication code (MAC). An exploit could allow the attacker to masquerade as another configured trusted association.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, adjacent attacker to replay broadcast server packets.\n\nThe vulnerability is due to no replay protection on NTP broadcast packets. An attacker could exploit this vulnerability by capturing and retransmiting NTP broadcast packets to a targeted system. An exploit could allow the attacker to cause time settings on a targeted system to stop updating and maintain a particular time value.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to modify time settings on a targeted system.\n\nThe vulnerability is due to incorrect processing of NTP update packets. An attacker could exploit this vulnerability by sending crafted updates that contain an a zero-origin timestamp to the clients' peer server. An exploit could allow the attacker to modify the time values received by the client, preventing client systems from receiving further updates from its legitimately configured time server.\n\nA vulnerability in the Standard Network Time Protocol query program (ntpq) could allow an unauthenticated, remote attacker to replay a previously captured ntpq command.\n\nThe vulnerability is due to an invalid checking of the sequence number. An attacker could exploit this vulnerability by capturing an authenticated ntpq command that was executed and then replaying back the command at a later stage. An exploit could allow the attacker to replay previously captured ntpq commands.\n\nA vulnerability in the list_restrict4() and list_restrict6() routines of the Network Time Protocol daemon (ntpd) could allow an authenticated, remote attacker to cause the ntpd to crash.\n\nThe vulnerability is due to a null pointer dereference in the list_restrict4() and list_restrict6() routines. An attacker could exploit this vulnerability by performing an ntpdc reslist command against a device that has a large number of NTP restrictions in place. An exploit could allow the attacker to cause the ntpd to crash.\n\nA vulnerability in the standard Network Time Protocol query program (ntpq) could allow a unauthenticated, local attacker to execute a buffer overflow attack.\n\nThe vulnerability is due to the function nextvar() executing a memcpy() into the name buffer without a proper length check. An attacker could exploit this vulnerability by calling ntpq to read variable names from an untrusted source, such as a user or environment variable. An exploit could allow the attacker to trigger a buffer overflow.\n\nA vulnerability in the standard and special Network Time Protocol query program (ntpq and ntpdc) could allow an unauthenticated, remote attacker to cause the ntpq or ntpdc program to remain in a processing loop.\n\nThe vulnerability is due to a loop that is not exited under certain conditions in the ntpq and ntpdc processes. An attacker could exploit this vulnerability by sending malicious packets to an ntpq or ntpdc client from a malicious NTP server or from a privileged network position by conducting a man-in-the-middle attack between a targeted client and the NTP server. An exploit could allow the attacker to cause the ntpq or ntpdc process to enter an infinite loop, resulting in a denial of service (DoS) condition.\n\nA vulnerability in the standard and the special Network Time Protocol query program (ntpq and ntpdc) could allow an unauthenticated, remote attacker to obtain the value of the origin timestamp expected in the next peer response.\n\nThe vulnerability is due to ntpq and ntpdc providing this information without requiring authentication. An attacker could exploit this issue by querying the client with the appropriate ntpq or ntpdc commands. An exploit could allow the attacker to obtain the next peer response origin timestamp, which could be leveraged in further attacks.\n\nA vulnerability of the Network Time Protocol daemon (ntpd) could allow an authenticated, remote attacker to cause the ntpd to crash by exhausting the call stack.\n\nThe vulnerability exists because function calls to list_restrict4() or list_restrict6() can be made to exhaust space on the call stack. An attacker could exploit this vulnerability by performing an ntpdc reslist command against a device that has a large number of NTP restrictions in place. An exploit could allow the attacker to cause the ntpd to crash.\n\nA vulnerability the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to prevent clients from synchronizing to a time server.\n\nThe vulnerability is due to the improper handling of malicious packets by the broadcast server. An attacker could exploit this vulnerability by sending malicious, authenticated packets to the broadcast network. An exploit could allow the attacker to prevent the broadcast clients from synchronizing with configured time servers.\n\nAn issue in the standard Network Time Protocol query program (ntpq) could allow an authenticated, remote attacker to create files on the system with dangerous characters in the filename.\n\nThe issue is due to to improper validation of characters within filenames. An attacker could exploit this issue by saving a filename with the saveconfig command. An exploit could allow the attacker to write filenames to the system that may contain potentially dangerous character sequences.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:\n\n CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability \n CVE-2015-7974: Network Time Protocol Missing Trusted Key Check\n CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check\n CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames\n CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability\n CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service\n CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service \n CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass\n CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp\n CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack\n CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop\n\nAdditional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: Security Notice[\"http://nwtime.org/security-policy/\"]\n\nCisco has released software updates that address these vulnerabilities.\n\nWorkarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product. \n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd", "reporter": "Cisco", "published": "2016-01-27T20:00:00", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Application and Content Networking System (ACNS) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Secure Access Control System (ACS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unity", "version": "any", "operator": "eq"}, {"name": "IOS", "version": "12.1XG", "operator": "eq"}, {"name": "IOS", "version": "12.1", "operator": "eq"}, {"name": "IOS", "version": "12.1XI", "operator": "eq"}, {"name": "IOS", "version": "12.0XC", "operator": "eq"}, {"name": "IOS", "version": "12.1XJ", "operator": "eq"}, {"name": "IOS", "version": "12.0XD", "operator": "eq"}, {"name": "IOS", "version": "12.0S", "operator": "eq"}, {"name": "IOS", "version": "12.0ST", "operator": "eq"}, {"name": "IOS", "version": "12.1XF", "operator": "eq"}, {"name": "IOS", "version": "12.0SP", "operator": "eq"}, {"name": "IOS", "version": "12.1XL", "operator": "eq"}, {"name": "IOS", "version": "12.1XQ", "operator": "eq"}, {"name": "IOS", "version": "12.1XU", "operator": "eq"}, {"name": "IOS", "version": "12.1YD", "operator": "eq"}, {"name": "IOS", "version": "12.1YI", "operator": "eq"}, {"name": "IOS", "version": "12.2B", "operator": "eq"}, {"name": "IOS", "version": "12.2DA", "operator": "eq"}, {"name": "IOS", "version": "12.2S", "operator": "eq"}, {"name": "IOS", "version": "12.2XA", "operator": "eq"}, {"name": "IOS", "version": "12.2XB", "operator": "eq"}, {"name": "IOS", "version": "12.2XG", "operator": "eq"}, {"name": "IOS", "version": "12.2XL", "operator": "eq"}, {"name": "IOS", "version": "12.2XM", "operator": "eq"}, {"name": "IOS", "version": "12.2", "operator": "eq"}, {"name": "IOS", "version": "12.2XN", "operator": "eq"}, {"name": "IOS", "version": "12.2XR", "operator": "eq"}, {"name": "IOS", "version": "12.2XS", "operator": "eq"}, {"name": "IOS", "version": "12.2XT", "operator": "eq"}, {"name": "IOS", "version": "12.2XW", "operator": "eq"}, {"name": "IOS", "version": "12.2YA", "operator": "eq"}, {"name": "IOS", "version": "12.2YB", "operator": "eq"}, {"name": "IOS", "version": "12.2YC", "operator": "eq"}, {"name": "IOS", "version": "12.2YD", "operator": "eq"}, {"name": "IOS", "version": "12.2YF", "operator": "eq"}, {"name": "IOS", "version": "12.2YG", "operator": "eq"}, {"name": "IOS", "version": "12.2YH", "operator": "eq"}, {"name": "IOS", "version": "12.1YF", "operator": "eq"}, {"name": "IOS", "version": "12.0", "operator": "eq"}, {"name": "IOS", "version": "12.1XB", "operator": "eq"}, {"name": "IOS", "version": "12.1XK", "operator": "eq"}, {"name": "IOS", "version": "12.0XE", "operator": "eq"}, {"name": "IOS", "version": "12.0SC", "operator": "eq"}, {"name": "IOS", "version": "12.1CX", "operator": "eq"}, {"name": "IOS", "version": "12.1EC", "operator": "eq"}, {"name": "IOS", "version": "12.2BC", "operator": "eq"}, {"name": "IOS", "version": "12.2XF", "operator": "eq"}, {"name": "IOS", "version": "12.0XG", "operator": "eq"}, {"name": "IOS", "version": "12.0XI", "operator": "eq"}, {"name": "IOS", "version": "12.0XK", "operator": "eq"}, {"name": "IOS", "version": "12.0XM", "operator": "eq"}, {"name": "IOS", "version": "12.0XQ", "operator": "eq"}, {"name": "IOS", "version": "12.0XR", "operator": "eq"}, {"name": "IOS", "version": "12.0XV", "operator": "eq"}, {"name": "IOS", "version": "12.1E", "operator": "eq"}, {"name": "IOS", "version": "12.1XC", "operator": "eq"}, {"name": "IOS", "version": "12.1XH", "operator": "eq"}, {"name": "IOS", "version": "12.1XM", "operator": "eq"}, {"name": "IOS", "version": "12.1XP", "operator": "eq"}, {"name": "IOS", "version": "12.1XT", "operator": "eq"}, {"name": "IOS", "version": "12.1YB", "operator": "eq"}, {"name": "IOS", "version": "12.1YC", "operator": "eq"}, {"name": "IOS", "version": "12.2DD", "operator": "eq"}, {"name": "IOS", "version": "12.2XD", "operator": "eq"}, {"name": "IOS", "version": "12.2XE", "operator": "eq"}, {"name": "IOS", "version": "12.2XH", "operator": "eq"}, {"name": "IOS", "version": "12.2XI", "operator": "eq"}, {"name": "IOS", "version": "12.2XJ", "operator": "eq"}, {"name": "IOS", "version": "12.2XK", "operator": "eq"}, {"name": "IOS", "version": "12.2XQ", "operator": "eq"}, {"name": "IOS", "version": "12.0T", "operator": "eq"}, {"name": "IOS", "version": "12.1YE", "operator": "eq"}, {"name": "IOS", "version": "12.1T", "operator": "eq"}, {"name": "IOS", "version": "12.0XA", "operator": "eq"}, {"name": "IOS", "version": "12.0XB", "operator": "eq"}, {"name": "IOS", "version": "12.1EZ", "operator": "eq"}, {"name": "IOS", "version": "12.1YA", "operator": "eq"}, {"name": "IOS", "version": "12.1XV", "operator": "eq"}, {"name": "IOS", "version": "12.1XA", "operator": "eq"}, {"name": "IOS", "version": "12.1XD", "operator": "eq"}, {"name": "IOS", "version": "12.1XE", "operator": "eq"}, {"name": "IOS", "version": "12.1XR", "operator": "eq"}, {"name": "IOS", "version": "12.1XS", "operator": "eq"}, {"name": "IOS", "version": "12.1EY", "operator": "eq"}, {"name": "IOS", "version": "12.1DB", "operator": "eq"}, {"name": "IOS", "version": "12.1DC", "operator": "eq"}, {"name": "IOS", "version": "12.0DA", "operator": "eq"}, {"name": "IOS", "version": "12.0SL", "operator": "eq"}, {"name": "IOS", "version": "12.0XH", "operator": "eq"}, {"name": "IOS", "version": "12.0XJ", "operator": "eq"}, {"name": "IOS", "version": "12.1AA", "operator": "eq"}, {"name": "IOS", "version": "12.1DA", "operator": "eq"}, {"name": "IOS", "version": "12.0SX", "operator": "eq"}, {"name": "IOS", "version": "12.1EX", "operator": "eq"}, {"name": "IOS", "version": "12.1EA", "operator": "eq"}, {"name": "IOS", "version": "12.0SY", "operator": "eq"}, {"name": "IOS", "version": "12.0SZ", "operator": "eq"}, {"name": "IOS", "version": "12.1AX", "operator": "eq"}, {"name": "IOS", "version": "12.1AY", "operator": "eq"}, {"name": "IOS", "version": "12.1EB", "operator": "eq"}, {"name": "IOS", "version": "12.1EV", "operator": "eq"}, {"name": "IOS", "version": "12.1EW", "operator": "eq"}, {"name": "IOS", "version": "12.1YJ", "operator": "eq"}, {"name": "IOS", "version": "12.1YH", "operator": "eq"}, {"name": "IOS", "version": "12.2BW", "operator": "eq"}, {"name": "IOS", "version": "12.2BX", "operator": "eq"}, {"name": "IOS", "version": "12.2BZ", "operator": "eq"}, {"name": "IOS", "version": "12.2CX", "operator": "eq"}, {"name": "IOS", "version": "12.2CY", "operator": "eq"}, {"name": "IOS", "version": "12.2DX", "operator": "eq"}, {"name": "IOS", "version": "12.2JA", "operator": "eq"}, {"name": "IOS", "version": "12.2MB", "operator": "eq"}, {"name": "IOS", "version": "12.2MC", "operator": "eq"}, {"name": "IOS", "version": "12.2MX", "operator": "eq"}, {"name": "IOS", "version": "12.2SZ", "operator": "eq"}, {"name": "IOS", "version": "12.2XU", "operator": "eq"}, {"name": "IOS", "version": "12.2YJ", "operator": "eq"}, {"name": "IOS", "version": "12.2YT", "operator": "eq"}, {"name": "IOS", "version": "12.2YN", "operator": "eq"}, {"name": "IOS", "version": "12.2YO", "operator": "eq"}, {"name": "IOS", "version": "12.2XC", "operator": "eq"}, {"name": "IOS", "version": "12.2YP", "operator": "eq"}, {"name": "IOS", "version": "12.2YK", "operator": "eq"}, {"name": "IOS", "version": "12.2YL", "operator": "eq"}, {"name": "IOS", "version": "12.2YM", "operator": "eq"}, {"name": "IOS", "version": "12.2YU", "operator": "eq"}, {"name": "IOS", "version": "12.2YV", "operator": "eq"}, {"name": "IOS", "version": "12.2YQ", "operator": "eq"}, {"name": "IOS", "version": "12.2YR", "operator": "eq"}, {"name": "IOS", "version": "12.2YW", "operator": "eq"}, {"name": "IOS", "version": "12.2YX", "operator": "eq"}, {"name": "IOS", "version": "12.2YY", "operator": "eq"}, {"name": "IOS", "version": "12.2YZ", "operator": "eq"}, {"name": "IOS", "version": "12.2ZA", "operator": "eq"}, {"name": "IOS", "version": "12.2ZB", "operator": "eq"}, {"name": "IOS", "version": "12.2ZC", "operator": "eq"}, {"name": "IOS", "version": "12.2ZD", "operator": "eq"}, {"name": "IOS", "version": "12.2ZE", "operator": "eq"}, {"name": "IOS", "version": "12.2ZF", "operator": "eq"}, {"name": "IOS", "version": "12.2ZG", "operator": "eq"}, {"name": "IOS", "version": "12.2ZH", "operator": "eq"}, {"name": "IOS", "version": "12.2ZJ", "operator": "eq"}, {"name": "IOS", "version": "12.2ZL", "operator": "eq"}, {"name": "IOS", "version": "12.0XL", "operator": "eq"}, {"name": "IOS", "version": "12.0XN", "operator": "eq"}, {"name": "IOS", "version": "12.0XT", "operator": "eq"}, {"name": "IOS", "version": "12.1XW", "operator": "eq"}, {"name": "IOS", "version": "12.2YE", "operator": "eq"}, {"name": "IOS", "version": "12.3", "operator": "eq"}, {"name": "IOS", "version": "12.3B", "operator": "eq"}, {"name": "IOS", "version": "12.3T", "operator": "eq"}, {"name": "IOS", "version": "12.2CZ", "operator": "eq"}, {"name": "IOS", "version": "12.2JK", "operator": "eq"}, {"name": "IOS", "version": "12.2XZ", "operator": "eq"}, {"name": "IOS", "version": "12.2ZK", "operator": "eq"}, {"name": "IOS", "version": "12.2ZO", "operator": "eq"}, {"name": "IOS", "version": "12.2ZP", "operator": "eq"}, {"name": "IOS", "version": "12.3XA", "operator": "eq"}, {"name": "IOS", "version": "12.3XQ", "operator": "eq"}, {"name": "IOS", "version": "12.3XN", "operator": "eq"}, {"name": "IOS", "version": "12.3XL", "operator": "eq"}, {"name": "IOS", "version": "12.3XK", "operator": "eq"}, {"name": "IOS", "version": "12.3XJ", "operator": "eq"}, {"name": "IOS", "version": "12.3XI", "operator": "eq"}, {"name": "IOS", "version": "12.3XH", "operator": "eq"}, {"name": "IOS", "version": "12.3XG", "operator": "eq"}, {"name": "IOS", "version": "12.3XF", "operator": "eq"}, {"name": "IOS", "version": "12.3XE", "operator": "eq"}, {"name": "IOS", "version": "12.3XD", "operator": "eq"}, {"name": "IOS", "version": "12.3XC", "operator": "eq"}, {"name": "IOS", "version": "12.3XB", "operator": "eq"}, {"name": "IOS", "version": "12.2EW", "operator": "eq"}, {"name": "IOS", "version": "12.2EWA", "operator": "eq"}, {"name": "IOS", "version": "12.2SU", "operator": "eq"}, {"name": "IOS", "version": "12.2SE", "operator": "eq"}, {"name": "IOS", "version": "12.2SV", "operator": "eq"}, {"name": "IOS", "version": "12.2SW", "operator": "eq"}, {"name": "IOS", "version": "12.2SXB", "operator": "eq"}, {"name": "IOS", "version": "12.2SXA", "operator": "eq"}, {"name": "IOS", "version": "12.2SXD", "operator": "eq"}, {"name": "IOS", "version": "12.2ZI", "operator": "eq"}, {"name": "IOS", "version": "12.2ZN", "operator": "eq"}, {"name": "IOS", "version": "12.3XM", "operator": "eq"}, {"name": "IOS", "version": "12.3XR", "operator": "eq"}, {"name": "IOS", "version": "12.3XS", "operator": "eq"}, {"name": "IOS", "version": "12.3XT", "operator": "eq"}, {"name": "IOS", "version": "12.3XU", "operator": "eq"}, {"name": "IOS", "version": "12.3XX", "operator": "eq"}, {"name": "IOS", "version": "12.3XW", "operator": "eq"}, {"name": "IOS", "version": "12.3XY", "operator": "eq"}, {"name": "IOS", "version": "12.3XZ", "operator": "eq"}, {"name": "IOS", "version": "12.3YA", "operator": "eq"}, {"name": "IOS", "version": "12.3YD", "operator": "eq"}, {"name": "IOS", "version": "12.3YE", "operator": "eq"}, {"name": "IOS", "version": "12.3YF", "operator": "eq"}, {"name": "IOS", "version": "12.3YH", "operator": "eq"}, {"name": "IOS", "version": "12.3YG", "operator": "eq"}, {"name": "IOS", "version": "12.2M", "operator": "eq"}, {"name": "IOS", "version": "12.2BY", "operator": "eq"}, {"name": "IOS", "version": "12.2XV", "operator": "eq"}, {"name": "IOS", "version": "12.3BC", "operator": "eq"}, {"name": "IOS", "version": "12.3BW", "operator": "eq"}, {"name": "IOS", "version": "12.0DB", "operator": "eq"}, {"name": "IOS", "version": "12.0DC", "operator": "eq"}, {"name": "IOS", "version": "12.0XF", "operator": "eq"}, {"name": "IOS", "version": "12.0XS", "operator": "eq"}, {"name": "IOS", "version": "12.1AZ", "operator": "eq"}, {"name": "IOS", "version": "12.1EO", "operator": "eq"}, {"name": "IOS", "version": "12.3YC", "operator": "eq"}, {"name": "IOS", "version": "12.3YJ", "operator": "eq"}, {"name": "IOS", "version": "12.3YL", "operator": "eq"}, {"name": "IOS", "version": "12.0SV", "operator": "eq"}, {"name": "IOS", "version": "12.3YI", "operator": "eq"}, {"name": "IOS", "version": "12.3YK", "operator": "eq"}, {"name": "IOS", "version": "12.1EU", "operator": "eq"}, {"name": "IOS", "version": "12.2EU", "operator": "eq"}, {"name": "IOS", "version": "12.2EX", "operator": "eq"}, {"name": "IOS", "version": "12.2SEB", "operator": "eq"}, {"name": "IOS", "version": "12.2SEA", "operator": "eq"}, {"name": "IOS", "version": "12.2EY", "operator": "eq"}, {"name": "IOS", "version": "12.2SO", "operator": "eq"}, {"name": "IOS", "version": "12.3JA", "operator": "eq"}, {"name": "IOS", "version": "12.3YQ", "operator": "eq"}, {"name": "IOS", "version": "12.3YB", "operator": "eq"}, {"name": "IOS", "version": "12.3YR", "operator": "eq"}, {"name": "IOS", "version": "12.3YS", "operator": "eq"}, {"name": "IOS", "version": "12.4", "operator": "eq"}, {"name": "IOS", "version": "12.2EZ", "operator": "eq"}, {"name": "IOS", "version": "12.2SEC", "operator": "eq"}, {"name": "IOS", "version": "12.3JK", "operator": "eq"}, {"name": "IOS", "version": "12.3YU", "operator": "eq"}, {"name": "IOS", "version": "12.4MR", "operator": "eq"}, {"name": "IOS", "version": "12.4T", "operator": "eq"}, {"name": "IOS", "version": "12.3YT", "operator": "eq"}, {"name": "IOS", "version": "12.3YW", "operator": "eq"}, {"name": "IOS", "version": "12.2SXF", "operator": "eq"}, {"name": "IOS", "version": "12.2SG", "operator": "eq"}, {"name": "IOS", "version": "12.1XX", "operator": "eq"}, {"name": "IOS", "version": "12.1XY", "operator": "eq"}, {"name": "IOS", "version": "12.2FX", "operator": "eq"}, {"name": "IOS", "version": "12.2FY", "operator": "eq"}, {"name": "IOS", "version": "12.2SBC", "operator": "eq"}, {"name": "IOS", "version": "12.2SXE", "operator": "eq"}, {"name": "IOS", "version": "12.2tpc", "operator": "eq"}, {"name": "IOS", "version": "12.3JX", "operator": "eq"}, {"name": "IOS", "version": "12.3TPC", "operator": "eq"}, {"name": "IOS", "version": "12.4XB", "operator": "eq"}, {"name": "IOS", "version": "12.4XA", "operator": "eq"}, {"name": "IOS", "version": "12.3YM", "operator": "eq"}, {"name": "IOS", "version": "12.1GA", "operator": "eq"}, {"name": "IOS", "version": "12.1GB", "operator": "eq"}, {"name": "IOS", "version": "12.1XZ", "operator": "eq"}, {"name": "IOS", "version": "12.2SB", "operator": "eq"}, {"name": "IOS", "version": "12.2SRA", "operator": "eq"}, {"name": "IOS", "version": "12.2ZV", "operator": "eq"}, {"name": "IOS", "version": "12.2ZW", "operator": "eq"}, {"name": "IOS", "version": "12.2ZX", "operator": "eq"}, {"name": "IOS", "version": "12.4XC", "operator": "eq"}, {"name": "IOS", "version": "12.4XD", "operator": "eq"}, {"name": "IOS", "version": "12.4XE", "operator": "eq"}, {"name": "IOS", "version": "12.2SEF", "operator": "eq"}, {"name": "IOS", "version": "12.2SEE", "operator": "eq"}, {"name": "IOS", "version": "12.2SED", "operator": "eq"}, {"name": "IOS", "version": "12.3YZ", "operator": "eq"}, {"name": "IOS", "version": "12.0XW", "operator": "eq"}, {"name": "IOS", "version": "12.4SW", "operator": "eq"}, {"name": "IOS", "version": "12.4XG", "operator": "eq"}, {"name": "IOS", "version": "12.4XJ", "operator": "eq"}, {"name": "IOS", "version": "12.4XT", "operator": "eq"}, {"name": "IOS", "version": "12.4XP", "operator": "eq"}, {"name": "IOS", "version": "12.2SGA", "operator": "eq"}, {"name": "IOS", "version": "12.2UZ", "operator": "eq"}, {"name": "IOS", "version": "12.2VZ", "operator": "eq"}, {"name": "IOS", "version": "12.2ZR", "operator": "eq"}, {"name": "IOS", "version": "12.2ZT", "operator": "eq"}, {"name": "IOS", "version": "12.2IXA", "operator": "eq"}, {"name": "IOS", "version": "12.2IXB", "operator": "eq"}, {"name": "IOS", "version": "12.2IXC", "operator": "eq"}, {"name": "IOS", "version": "12.2IXD", "operator": "eq"}, {"name": "IOS", "version": "12.2SEG", "operator": "eq"}, {"name": "IOS", "version": "12.2ZU", "operator": "eq"}, {"name": "IOS", "version": "12.2ZY", "operator": "eq"}, {"name": "IOS", "version": "12.3JEA", "operator": "eq"}, {"name": "IOS", "version": "12.3VA", "operator": "eq"}, {"name": "IOS", "version": "12.4JA", "operator": "eq"}, {"name": "IOS", "version": "12.4MD", "operator": "eq"}, {"name": "IOS", "version": "12.4XK", "operator": "eq"}, {"name": "IOS", "version": "12.4XV", "operator": "eq"}, {"name": "IOS", "version": "12.4XW", "operator": "eq"}, {"name": "IOS", "version": "12.2SRB", "operator": "eq"}, {"name": "IOS", "version": "12.0SYA", "operator": "eq"}, {"name": "IOS", "version": "12.1XO", "operator": "eq"}, {"name": "IOS", "version": "12.1XN", "operator": "eq"}, {"name": "IOS", "version": "12.2SVC", "operator": "eq"}, {"name": "IOS", "version": "12.4JMA", "operator": "eq"}, {"name": "IOS", "version": "12.3JEB", "operator": "eq"}, {"name": "IOS", "version": "12.3JEC", "operator": "eq"}, {"name": "IOS", "version": "12.2IXE", "operator": "eq"}, {"name": "IOS", "version": "12.2FZ", "operator": "eq"}, {"name": "IOS", "version": "12.4XF", "operator": "eq"}, {"name": "IOS", "version": "12.3JL", "operator": "eq"}, {"name": "IOS", "version": "12.2SBA", "operator": "eq"}, {"name": "IOS", "version": "12.2SBB", "operator": "eq"}, {"name": "IOS", "version": "12.2SCA", "operator": "eq"}, {"name": "IOS", "version": "12.2SRC", "operator": "eq"}, {"name": "IOS", "version": "12.2SVA", "operator": "eq"}, {"name": "IOS", "version": "12.2SVD", "operator": "eq"}, {"name": "IOS", "version": "12.2SXH", "operator": "eq"}, {"name": "IOS", "version": "12.4XQ", "operator": "eq"}, {"name": "IOS", "version": "12.4XY", "operator": "eq"}, {"name": "IOS", "version": "12.4XZ", "operator": "eq"}, {"name": "IOS", "version": "12.4XL", "operator": "eq"}, {"name": "IOS", "version": "12.3ZA", "operator": "eq"}, {"name": "IOS", "version": "12.3ZB", "operator": "eq"}, {"name": "IOS", "version": "12.4XM", "operator": "eq"}, {"name": "IOS", "version": "12.4XN", "operator": "eq"}, {"name": "IOS", "version": "12.4XR", "operator": "eq"}, {"name": "IOS", "version": "12.4YA", "operator": "eq"}, {"name": "IOS", "version": "12.2IRA", "operator": "eq"}, {"name": "IOS", "version": "12.2IRB", "operator": "eq"}, {"name": "IOS", "version": "12.2IXG", "operator": "eq"}, {"name": "IOS", "version": "12.2IXF", "operator": "eq"}, {"name": "IOS", "version": "12.2SCB", "operator": "eq"}, {"name": "IOS", "version": "12.2SRD", "operator": "eq"}, {"name": "IOS", "version": "12.2STE", "operator": "eq"}, {"name": "IOS", "version": "12.2SVE", "operator": "eq"}, {"name": "IOS", "version": "12.2SXI", "operator": "eq"}, {"name": "IOS", "version": "12.2XO", "operator": "eq"}, {"name": "IOS", "version": "12.2ZYA", "operator": "eq"}, {"name": "IOS", "version": "12.4JDA", "operator": "eq"}, {"name": "IOS", "version": "12.4JL", "operator": "eq"}, {"name": "IOS", "version": "12.4JK", "operator": "eq"}, {"name": "IOS", "version": "12.4JMB", "operator": "eq"}, {"name": "IOS", "version": "12.4JX", "operator": "eq"}, {"name": "IOS", "version": "12.4JY", "operator": "eq"}, {"name": "IOS", "version": "12.2SL", "operator": "eq"}, {"name": "IOS", "version": "12.2SQ", "operator": "eq"}, {"name": "IOS", "version": "12.4JDC", "operator": "eq"}, {"name": "IOS", "version": "12.4JDD", "operator": "eq"}, {"name": "IOS", "version": "12.4YB", "operator": "eq"}, {"name": "IOS", "version": "12.4YD", "operator": "eq"}, {"name": "IOS", "version": "12.2IRC", "operator": "eq"}, {"name": "IOS", "version": "12.2ZM", "operator": "eq"}, {"name": "IOS", "version": "12.2IXH", "operator": "eq"}, {"name": "IOS", "version": "12.4MDA", "operator": "eq"}, {"name": "IOS", "version": "12.2SCC", "operator": "eq"}, {"name": "IOS", "version": "12.2SCD", "operator": "eq"}, {"name": "IOS", "version": "12.3JED", "operator": "eq"}, {"name": "IOS", "version": "12.4YG", "operator": "eq"}, {"name": "IOS", "version": "15.0M", "operator": "eq"}, {"name": "IOS", "version": "15.0XA", "operator": "eq"}, {"name": "IOS", "version": "15.1T", "operator": "eq"}, {"name": "IOS", "version": "15.1XB", "operator": "eq"}, {"name": "IOS", "version": "12.2SRE", "operator": "eq"}, {"name": "IOS", "version": "15.0XO", "operator": "eq"}, {"name": "IOS", "version": "15.0S", "operator": "eq"}, {"name": "IOS", "version": "12.2IRD", "operator": "eq"}, {"name": "IOS", "version": "12.2IRE", "operator": "eq"}, {"name": "IOS", "version": "12.2MRA", "operator": "eq"}, {"name": "IOS", "version": "12.2MRB", "operator": "eq"}, {"name": "IOS", "version": "12.2SR", "operator": "eq"}, {"name": "IOS", "version": "12.4JHA", "operator": "eq"}, {"name": "IOS", "version": "12.4M", "operator": "eq"}, {"name": "IOS", "version": "15.2S", "operator": "eq"}, {"name": "IOS", "version": "12.2SXG", "operator": "eq"}, {"name": "IOS", "version": "12.4JD", "operator": "eq"}, {"name": "IOS", "version": "15.3T", "operator": "eq"}, {"name": "IOS", "version": "12.4JDE", "operator": "eq"}, {"name": "IOS", "version": "12.2XNH", "operator": "eq"}, {"name": "IOS", "version": "15.0EY", "operator": "eq"}, {"name": "IOS", "version": "12.4MRB", "operator": "eq"}, {"name": "IOS", "version": "15.2T", "operator": "eq"}, {"name": "IOS", "version": "12.3M", "operator": "eq"}, {"name": "IOS", "version": "12.3JEE", "operator": "eq"}, {"name": "IOS", "version": "12.2WO", "operator": "eq"}, {"name": "IOS", "version": "12.3YV", "operator": "eq"}, {"name": "IOS", "version": "12.2ZZ", "operator": "eq"}, {"name": "IOS", "version": "15.1S", "operator": "eq"}, {"name": "IOS", "version": "12.2ZS", "operator": "eq"}, {"name": "IOS", "version": "12.3EU", "operator": "eq"}, {"name": "IOS", "version": "12.4MF", "operator": "eq"}, {"name": "IOS", "version": "15.1M", "operator": "eq"}, {"name": "IOS", "version": "12.2IRF", "operator": "eq"}, {"name": "IOS", "version": "12.4JMC", "operator": "eq"}, {"name": "IOS", "version": "15.0SE", "operator": "eq"}, {"name": "IOS", "version": "15.1GC", "operator": "eq"}, {"name": "IOS", "version": "15.0SY", "operator": "eq"}, {"name": "IOS", "version": "12.2SXJ", "operator": "eq"}, {"name": "IOS", "version": "12.4MX", "operator": "eq"}, {"name": "IOS", "version": "15.1SG", "operator": "eq"}, {"name": "IOS", "version": "12.1YG", "operator": "eq"}, {"name": "IOS", "version": "12.2ZQ", "operator": "eq"}, {"name": "IOS", "version": "15.0MR", "operator": "eq"}, {"name": "IOS", "version": "12.3ZC", "operator": "eq"}, {"name": "IOS", "version": "12.4JZ", "operator": "eq"}, {"name": "IOS", "version": "12.2SCF", "operator": "eq"}, {"name": "IOS", "version": "12.2SVB", "operator": "eq"}, {"name": "IOS", "version": "15.2M", "operator": "eq"}, {"name": "IOS", "version": "12.2SCE", "operator": "eq"}, {"name": "IOS", "version": "15.0SG", "operator": "eq"}, {"name": "IOS", "version": "12.4MDB", "operator": "eq"}, {"name": "IOS", "version": "12.3TO", "operator": "eq"}, {"name": "IOS", "version": "12.4TST", "operator": "eq"}, {"name": "IOS", "version": "12.2IRG", "operator": "eq"}, {"name": "IOS", "version": "12.4JHC", "operator": "eq"}, {"name": "IOS", "version": "15.0EX", "operator": "eq"}, {"name": "IOS", "version": "15.2GC", "operator": "eq"}, {"name": "IOS", "version": "12.4JAX", "operator": "eq"}, {"name": "IOS", "version": "12.2SCG", "operator": "eq"}, {"name": "IOS", "version": "15.1MWR", "operator": "eq"}, {"name": "IOS", "version": "12.4MDC", "operator": "eq"}, {"name": "IOS", "version": "12.2IRH", "operator": "eq"}, {"name": "IOS", "version": "15.1SY", "operator": "eq"}, {"name": "IOS", "version": "15.3S", "operator": "eq"}, {"name": "IOS", "version": "15.2SB", "operator": "eq"}, {"name": "IOS", "version": "15.1SVA", "operator": "eq"}, {"name": "IOS", "version": "15.4T", "operator": "eq"}, {"name": "IOS", "version": "12.4JAZ", "operator": "eq"}, {"name": "IOS", "version": "12.4JB", "operator": "eq"}, {"name": "IOS", "version": "12.2SCH", "operator": "eq"}, {"name": "IOS", "version": "12.4JAL", "operator": "eq"}, {"name": "IOS", "version": "12.4JAM", "operator": "eq"}, {"name": "IOS", "version": "12.4JAN", "operator": "eq"}, {"name": "IOS", "version": "15.2JA", "operator": "eq"}, {"name": "IOS", "version": "15.2E", "operator": "eq"}, {"name": "IOS", "version": "15.0EW", "operator": "eq"}, {"name": "IOS", "version": "15.1MRA", "operator": "eq"}, {"name": "IOS", "version": "15.1SVB", "operator": "eq"}, {"name": "IOS", "version": "15.0ED", "operator": "eq"}, {"name": "IOS", "version": "15.2JB", "operator": "eq"}, {"name": "IOS", "version": "15.4S", "operator": "eq"}, {"name": "IOS", "version": "15.2JAX", "operator": "eq"}, {"name": "IOS", "version": "15.3M", "operator": "eq"}, {"name": "IOS", "version": "15.1SVC", "operator": "eq"}, {"name": "IOS", "version": "15.2JN", "operator": "eq"}, {"name": "IOS", "version": "15.2GCA", "operator": "eq"}, {"name": "IOS", "version": "15.0EZ", "operator": "eq"}, {"name": "IOS", "version": "15.2SC", "operator": "eq"}, {"name": "IOS", "version": "12.4YS", "operator": "eq"}, {"name": "IOS", "version": "15.0EF", "operator": "eq"}, {"name": "IOS", "version": "15.0EG", "operator": "eq"}, {"name": "IOS", "version": "15.1SVD", "operator": "eq"}, {"name": "IOS", "version": "15.2EY", "operator": "eq"}, {"name": "IOS", "version": "15.0EJ", "operator": "eq"}, {"name": "IOS", "version": "15.0EH", "operator": "eq"}, {"name": "IOS", "version": "15.2EZ", "operator": "eq"}, {"name": "IOS", "version": "15.2SY", "operator": "eq"}, {"name": "IOS", "version": "15.1SVF", "operator": "eq"}, {"name": "IOS", "version": "15.1SVE", "operator": "eq"}, {"name": "IOS", "version": "15.4M", "operator": "eq"}, {"name": "IOS", "version": "15.2SD", "operator": "eq"}, {"name": "IOS", "version": "12.4JAO", "operator": "eq"}, {"name": "IOS", "version": "15.2JAZ", "operator": "eq"}, {"name": "IOS", "version": "15.0EK", "operator": "eq"}, {"name": "IOS", "version": "15.3XB", "operator": "eq"}, {"name": "IOS", "version": "15.4CG", "operator": "eq"}, {"name": "IOS", "version": "15.5S", "operator": "eq"}, {"name": "IOS", "version": "15.1SVG", "operator": "eq"}, {"name": "IOS", "version": "15.2EB", "operator": "eq"}, {"name": "IOS", "version": "15.5T", "operator": "eq"}, {"name": "IOS", "version": "15.2EA", "operator": "eq"}, {"name": "IOS", "version": "15.4SN", "operator": "eq"}, {"name": "IOS", "version": "15.3JN", "operator": "eq"}, {"name": "IOS", "version": "15.1SVH", "operator": "eq"}, {"name": "IOS", "version": "12.2SCI", "operator": "eq"}, {"name": "IOS", "version": "12.4JAP", "operator": "eq"}, {"name": "IOS", "version": "15.3JA", "operator": "eq"}, {"name": "IOS", "version": "15.3JAA", "operator": "eq"}, {"name": "IOS", "version": "15.3JAB", "operator": "eq"}, {"name": "IOS", "version": "15.3JB", "operator": "eq"}, {"name": "IOS", "version": "15.5SN", "operator": "eq"}, {"name": "IOS", "version": "15.0SQD", "operator": "eq"}, {"name": "IOS", "version": "15.6S", "operator": "eq"}, {"name": "IOS", "version": "15.1SVI", "operator": "eq"}, {"name": "IOS", "version": "15.6T", "operator": "eq"}, {"name": "IOS", "version": "15.3JNB", "operator": "eq"}, {"name": "IOS", "version": "15.3JAX", "operator": "eq"}, {"name": "IOS", "version": "15.3JBB", "operator": "eq"}, {"name": "IOS", "version": "15.3JC", "operator": "eq"}, {"name": "Cisco Emergency Responder", "version": "any", "operator": "eq"}, {"name": "Cisco IOS XR Software", "version": "any", "operator": "eq"}, {"name": "Cisco NAC Appliance Software", "version": "any", "operator": "eq"}, {"name": "Intrusion Prevention System (IPS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Presence Server", "version": "any", "operator": "eq"}, {"name": "Cisco ACE Application Control Engine Module", "version": "any", "operator": "eq"}, {"name": "Cisco Wide Area Application Services (WAAS)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Contact Center Enterprise", "version": "any", "operator": "eq"}, {"name": "Cisco IP Interoperability and Collaboration System (IPICS)", "version": "any", "operator": "eq"}, {"name": "Cisco Service Control Engine (SCE)", "version": "any", "operator": "eq"}, {"name": "Cisco Unity Connection", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence", "version": "any", "operator": "eq"}, {"name": "Cisco NX-OS Software", "version": "any", "operator": "eq"}, {"name": "Cisco ACE 4700 Series Application Control Engine Appliances", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Communications Manager", "version": "any", "operator": "eq"}, {"name": "Cisco Application Networking Manager (ANM)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Provisioning Manager", "version": "any", "operator": "eq"}, {"name": "Cisco Physical Access Gateway", "version": "any", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.4S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.1SG", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.2SG", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.5S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.6S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.7S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.2XO", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.3SG", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.8S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.9S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.2SE", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.3SE", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.3XO", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.4SG", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.5E", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.10S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.11S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.12S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.13S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.6E", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.14S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.15S", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.3SQ", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.4SQ", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "3.7E", "operator": "eq"}, {"name": "Cisco IOS XE Software", "version": "any", "operator": "eq"}, {"name": "Cisco Video Surveillance Media Server Software", "version": "any", "operator": "eq"}, {"name": "Cisco Digital Media Manager Software", "version": "any", "operator": "eq"}, {"name": "Cisco IP Interoperability and Communications System (IPICS)", "version": "any", "operator": "eq"}, {"name": "Cisco Network Analysis Module (NAM) Software", "version": "any", "operator": "eq"}, {"name": "Cisco IronPort Encryption Appliance", "version": "any", "operator": "eq"}, {"name": "Cisco Network Admission Control Guest Server", "version": "any", "operator": "eq"}, {"name": "Cisco Telepresence MXP Series Endpoints", "version": "any", "operator": "eq"}, {"name": "Cisco Show and Share", "version": "any", "operator": "eq"}, {"name": "Cisco Identity Services Engine Software", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence Video Communication Server (VCS)", "version": "any", "operator": "eq"}, {"name": "Cisco MDS 9000 NX-OS Software", "version": "any", "operator": "eq"}, {"name": "Cisco Virtual Security Gateway for Nexus 1000V Series Switches", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence Manager", "version": "any", "operator": "eq"}, {"name": "Cisco ASA CX Context-Aware Security Software", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Security Manager (PRSM)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Data Center Network Manager (DCNM)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime LAN Management Solution (LMS)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Collaboration", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Infrastructure", "version": "any", "operator": "eq"}, {"name": "Cisco Connected Grid Network Management System (CG-NMS)", "version": "any", "operator": "eq"}, {"name": "Cisco WebEx Meetings Server", "version": "any", "operator": "eq"}, {"name": "Cisco WebEx Node for MCS", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System Central Software", "version": "any", "operator": "eq"}, {"name": "Cisco Enterprise Content Delivery System (ECDS)", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence TC Software", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence TE Software", "version": "any", "operator": "eq"}, {"name": "Cisco Virtualization Experience Client 6000 Series Firmware", "version": "any", "operator": "eq"}, {"name": "Cisco Finesse", "version": "any", "operator": "eq"}, {"name": "Cisco SocialMiner", "version": "any", "operator": "eq"}, {"name": "Cisco MediaSense", "version": "any", "operator": "eq"}, {"name": "Cisco Unified SIP Proxy", "version": "any", "operator": "eq"}, {"name": "Cisco MXE 3500 (Media Experience Engine)", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System Director", "version": "any", "operator": "eq"}, {"name": "Cisco Digital Content Manager (DCM) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Intelligence Center", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Service Catalog", "version": "any", "operator": "eq"}, {"name": "Cisco Nexus 1000V Switch", "version": "any", "operator": "eq"}, {"name": "Cisco Application Policy Infrastructure Controller (APIC)", "version": "any", "operator": "eq"}, {"name": "Cisco Expressway", "version": "any", "operator": "eq"}, {"name": "Cisco Edge 300 Series", "version": "any", "operator": "eq"}, {"name": "Cisco Jabber Guest", "version": "any", "operator": "eq"}, {"name": "Cisco Visual Quality Experience", "version": "any", "operator": "eq"}, {"name": "Cisco Unified Computing System (Management Software)", "version": "any", "operator": "eq"}, {"name": "Cisco Prime License Manager", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Collaboration Deployment", "version": "any", "operator": "eq"}, {"name": "Cisco TelePresence ISDN Link", "version": "any", "operator": "eq"}, {"name": "Cisco Telepresence Conductor", "version": "any", "operator": "eq"}, {"name": "Cisco Modular Encoding Platform D9036", "version": "any", "operator": "eq"}, {"name": "Cisco FireSIGHT System Software", "version": "any", "operator": "eq"}, {"name": "Cisco Videoscape Policy Resource Manager", "version": "any", "operator": "eq"}, {"name": "Cisco Prime Collaboration Assurance", "version": "any", "operator": "eq"}, {"name": "Cisco Virtual Topology System (VTS)", "version": "any", "operator": "eq"}, {"name": "Cisco Nexus 3000 Series Switch", "version": "any", "operator": "eq"}, {"name": "Cisco Policy Suite (CPS) Software", "version": "any", "operator": "eq"}, {"name": "Cisco Hosted Collaboration Mediation Fulfillment", "version": "any", "operator": "eq"}, {"name": "Cisco Cloud Services Platform 2100", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2015-7973", "CVE-2015-7974", "CVE-2015-7975", "CVE-2015-7976", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8139", "CVE-2015-8140", "CVE-2015-8158"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2016-03-07T14:02:40", "id": "CISCO-SA-20160127-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:08", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "4.2.8p7", "arch": "x86_64", "packageFilename": "ntp-4.2.8p7-x86_64-1_slack13.1.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "4.2.8p7", "arch": "x86_64", "packageFilename": "ntp-4.2.8p7-x86_64-1_slack14.1.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "4.2.8p7", "arch": "i486", "packageFilename": "ntp-4.2.8p7-i486-1_slack13.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "4.2.8p7", "arch": "x86_64", "packageFilename": "ntp-4.2.8p7-x86_64-1_slack13.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "4.2.8p7", "arch": "x86_64", "packageFilename": "ntp-4.2.8p7-x86_64-1_slack13.37.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "4.2.8p7", "arch": "i486", "packageFilename": "ntp-4.2.8p7-i486-1_slack13.37.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "4.2.8p7", "arch": "x86_64", "packageFilename": "ntp-4.2.8p7-x86_64-1_slack14.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "4.2.8p7", "arch": "i486", "packageFilename": "ntp-4.2.8p7-i486-1_slack14.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "4.2.8p7", "arch": "i486", "packageFilename": "ntp-4.2.8p7-i486-1_slack14.1.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "4.2.8p7", "arch": "i486", "packageFilename": "ntp-4.2.8p7-i486-1_slack13.1.txz", "packageName": "ntp", "operator": "lt"}], "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded.\n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "edition": 3, "reporter": "Slackware Linux Project", "published": "2016-04-29T14:57:25", "title": "ntp", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2016-1550", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2016-1547", "CVE-2016-2519", "CVE-2016-2517", "CVE-2016-1549"], "modified": "2016-04-29T14:57:25", "id": "SSA-2016-120-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.630758", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:36:47", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "4.2.8p6", "arch": "i486", "packageFilename": "ntp-4.2.8p6-i486-1_slack13.37.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "4.2.8p6", "arch": "i486", "packageFilename": "ntp-4.2.8p6-i486-1_slack13.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "4.2.8p6", "arch": "i486", "packageFilename": "ntp-4.2.8p6-i486-1_slack14.1.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "4.2.8p6", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-x86_64-1_slack14.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "4.2.8p6", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-x86_64-1_slack13.37.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "4.2.8p6", "arch": "i486", "packageFilename": "ntp-4.2.8p6-i486-1_slack14.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "4.2.8p6", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-x86_64-1_slack14.1.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "4.2.8p6", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-x86_64-1_slack13.1.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "4.2.8p6", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-x86_64-1_slack13.0.txz", "packageName": "ntp", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "4.2.8p6", "arch": "i486", "packageFilename": "ntp-4.2.8p6-i486-1_slack13.1.txz", "packageName": "ntp", "operator": "lt"}], "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz: Upgraded.\n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p6-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p6-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p6-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p6-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n31365ae4f12849e65d4ad1c8c7d5f89a ntp-4.2.8p6-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5a2d24bdacd8dd05ab9e0613c829212b ntp-4.2.8p6-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne70f7422bc81c144e6fac1df2c202634 ntp-4.2.8p6-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nf6637f6d24b94a6b17c68467956a6283 ntp-4.2.8p6-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n82601e105f95e324dfd1e2f0df513673 ntp-4.2.8p6-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nd3ba32d46f7eef8f75a3444bbee4c677 ntp-4.2.8p6-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nc5ff13e58fbbea0b7a677e947449e7b1 ntp-4.2.8p6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9e2abfaf0b0b7bf84a8a4db89f60eff6 ntp-4.2.8p6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne1e6b84808b7562314e0e29479153553 ntp-4.2.8p6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8db0a4ca68805c7f5e487d5bcd69d098 ntp-4.2.8p6-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf96f443f54a74c20b5eb67467f5958ea n/ntp-4.2.8p6-i586-1.txz\n\nSlackware x86_64 -current package:\n5e256f2e1906b4c75047a966996a7a41 n/ntp-4.2.8p6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p6-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "edition": 3, "reporter": "Slackware Linux Project", "published": "2016-02-23T11:51:20", "title": "ntp", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-02-23T11:51:20", "id": "SSA-2016-054-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.546478", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:02", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1:4.2.6.p5+dfsg-2+deb7u7", "arch": "all", "packageFilename": "ntp_1:4.2.6.p5+dfsg-2+deb7u7_all.deb", "packageName": "ntp", "operator": "lt"}], "description": "Package : ntp\nVersion : 1:4.2.6.p5+dfsg-2+deb7u7\nCVE ID : CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 \n CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548\n CVE-2016-1550 CVE-2016-2516 CVE-2016-2518\n\nSeveral vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs:\n\nCVE-2015-7974\n\n Matt Street discovered that insufficient key validation allows\n impersonation attacks between authenticated peers.\n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of "ntpdc reslist" commands may\n result in denial of service.\n\nCVE-2015-7979\n\n Aanchal Malhotra discovered that if NTP is configured for broadcast\n mode, an attacker can send malformed authentication packets which\n break associations with the server for other broadcast clients.\n\nCVE-2015-8138\n\n Matthew van Gundy and Jonathan Gardner discovered that missing\n validation of origin timestamps in ntpd clients may result in denial\n of service.\n\nCVE-2015-8158\n\n Jonathan Gardner discovered that missing input sanitising in ntpq\n may result in denial of service.\n\nCVE-2016-1547\n\n Stephen Gray and Matthew van Gundy discovered that incorrect handling\n of crypto NAK packets my result in denial of service.\n\nCVE-2016-1548\n\n Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients\n could be forced to change from basic client/server mode to interleaved\n symmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\n\n Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\n that timing leaks in the the packet authentication code could result\n in recovery of a message digest.\n\nCVE-2016-2516\n\n Yihan Lian discovered that duplicate IPs on "unconfig" directives will\n trigger an assert.\n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:4.2.6.p5+dfsg-2+deb7u7.\n\nWe recommend that you upgrade your ntp packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "reporter": "Debian", "published": "2016-07-25T21:37:31", "title": "[SECURITY] [DLA 559-1] ntp security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-07-25T21:37:31", "id": "DEBIAN:DLA-559-1:E64BA", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201607/msg00021.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:45", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "1:4.2.6.p5+dfsg-7+deb8u2", "arch": "all", "packageFilename": "ntpdate_1:4.2.6.p5+dfsg-7+deb8u2_all.deb", "packageName": "ntpdate", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:4.2.6.p5+dfsg-7+deb8u2", "arch": "all", "packageFilename": "ntp_1:4.2.6.p5+dfsg-7+deb8u2_all.deb", "packageName": "ntp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:4.2.6.p5+dfsg-7+deb8u2", "arch": "all", "packageFilename": "ntp-doc_1:4.2.6.p5+dfsg-7+deb8u2_all.deb", "packageName": "ntp-doc", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3629-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ntp\nCVE ID : CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 \n CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548\n CVE-2016-1550 CVE-2016-2516 CVE-2016-2518\n\nSeveral vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs:\n\nCVE-2015-7974\n\n Matt Street discovered that insufficient key validation allows\n impersonation attacks between authenticated peers.\n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of "ntpdc reslist" commands may\n result in denial of service.\n\nCVE-2015-7979\n\n Aanchal Malhotra discovered that if NTP is configured for broadcast\n mode, an attacker can send malformed authentication packets which\n break associations with the server for other broadcast clients.\n\nCVE-2015-8138\n\n Matthew van Gundy and Jonathan Gardner discovered that missing\n validation of origin timestamps in ntpd clients may result in denial\n of service.\n\nCVE-2015-8158\n\n Jonathan Gardner discovered that missing input sanitising in ntpq\n may result in denial of service.\n\nCVE-2016-1547\n\n Stephen Gray and Matthew van Gundy discovered that incorrect handling\n of crypto NAK packets my result in denial of service.\n\nCVE-2016-1548\n\n Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients\n could be forced to change from basic client/server mode to interleaved\n symmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\n\n Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\n that timing leaks in the the packet authentication code could result\n in recovery of a message digest.\n\nCVE-2016-2516\n\n Yihan Lian discovered that duplicate IPs on "unconfig" directives will\n trigger an assert.\n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1.\n\nWe recommend that you upgrade your ntp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2016-07-25T21:16:04", "title": "[SECURITY] [DSA 3629-1] ntp security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:45", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-07-25T21:16:04", "id": "DEBIAN:DSA-3629-1:3CA50", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00207.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:22:35", "references": ["https://bugzilla.suse.com/962966", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/956773", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://bugzilla.suse.com/962784", "https://bugzilla.suse.com/962988", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/975981", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/962318", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/962960", "https://bugzilla.suse.com/937837", "https://bugzilla.suse.com/962997", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/962994", "https://bugzilla.suse.com/963002"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-debuginfo-4.2.8p6-15.1.x86_64.rpm", "packageName": "ntp-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-doc-4.2.8p6-15.1.i586.rpm", "packageName": "ntp-doc", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.1.22-6.1", "packageFilename": "yast2-ntp-client-3.1.22-6.1.noarch.rpm", "packageName": "yast2-ntp-client", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "3.1.22-6.1", "packageFilename": "yast2-ntp-client-devel-doc-3.1.22-6.1.noarch.rpm", "packageName": "yast2-ntp-client-devel-doc", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-4.2.8p6-15.1.x86_64.rpm", "packageName": "ntp", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-debuginfo-4.2.8p6-15.1.i586.rpm", "packageName": "ntp-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-debugsource-4.2.8p6-15.1.x86_64.rpm", "packageName": "ntp-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-doc-4.2.8p6-15.1.x86_64.rpm", "packageName": "ntp-doc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-4.2.8p6-15.1.i586.rpm", "packageName": "ntp", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "4.2.8p6-15.1", "packageFilename": "ntp-debugsource-4.2.8p6-15.1.i586.rpm", "packageName": "ntp-debugsource", "arch": "i586", "operator": "lt"}], "edition": 1, "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "reporter": "Suse", "published": "2016-05-12T21:07:47", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Security update for ntp (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-05-12T21:07:47", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html", "id": "OPENSUSE-SU-2016:1292-1", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:47:01", "references": ["https://bugzilla.suse.com/962966", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/956773", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://bugzilla.suse.com/784760", "https://bugzilla.suse.com/962784", "https://bugzilla.suse.com/962988", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/975981", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/962318", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/962960", "https://bugzilla.suse.com/962997", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/962994", "https://bugzilla.suse.com/963002"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64", "packageFilename": "ntp-4.2.8p6-8.2.ppc64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.ppc64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "i586", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.i586.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ia64", "packageFilename": "ntp-doc-4.2.8p6-8.2.ia64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64", "packageFilename": "ntp-doc-4.2.8p6-8.2.ppc64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "i586", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.i586.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ia64", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.ia64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.ppc64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-doc-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ia64", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.ia64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "i586", "packageFilename": "ntp-4.2.8p6-8.2.i586.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "i586", "packageFilename": "ntp-doc-4.2.8p6-8.2.i586.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "ia64", "packageFilename": "ntp-4.2.8p6-8.2.ia64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-doc-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}], "edition": 1, "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n - bsc#784760: Remove local clock from default configuration\n\n", "reporter": "Suse", "published": "2016-04-28T19:09:34", "title": "Security update for ntp (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-04-28T19:09:34", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html", "id": "SUSE-SU-2016:1175-1", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:46:49", "references": ["https://bugzilla.suse.com/962966", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/956773", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://bugzilla.suse.com/962784", "https://bugzilla.suse.com/962988", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/975981", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/962318", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/962960", "https://bugzilla.suse.com/937837", "https://bugzilla.suse.com/962997", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/962994", "https://bugzilla.suse.com/963002"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-doc-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.1.22-6.2", "arch": "noarch", "packageFilename": "yast2-ntp-client-devel-doc-3.1.22-6.2.noarch.rpm", "packageName": "yast2-ntp-client-devel-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.1.22-6.2", "arch": "noarch", "packageFilename": "yast2-ntp-client-3.1.22-6.2.noarch.rpm", "packageName": "yast2-ntp-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64le", "packageFilename": "ntp-doc-4.2.8p6-8.2.ppc64le.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64le", "packageFilename": "ntp-4.2.8p6-8.2.ppc64le.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64le", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.ppc64le.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-debugsource-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-doc-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "s390x", "packageFilename": "ntp-doc-4.2.8p6-8.2.s390x.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.1.22-6.2", "arch": "noarch", "packageFilename": "yast2-ntp-client-3.1.22-6.2.noarch.rpm", "packageName": "yast2-ntp-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "ppc64le", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.ppc64le.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-debuginfo-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "4.2.8p6-8.2", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-8.2.x86_64.rpm", "packageName": "ntp", "operator": "lt"}], "edition": 1, "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n\n", "reporter": "Suse", "published": "2016-04-28T19:13:09", "title": "Security update for ntp (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-04-28T19:13:09", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html", "id": "SUSE-SU-2016:1177-1", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:27:22", "references": ["https://bugzilla.suse.com/905885", "https://bugzilla.suse.com/962966", "https://bugzilla.suse.com/946386", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/956773", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://bugzilla.suse.com/936327", "https://bugzilla.suse.com/962784", "https://bugzilla.suse.com/962988", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/975981", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/962318", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/942587", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/920238", "https://bugzilla.suse.com/962960", "https://bugzilla.suse.com/937837", "https://bugzilla.suse.com/926510", "https://bugzilla.suse.com/962997", "https://bugzilla.suse.com/910063", "https://bugzilla.suse.com/944300", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/962994", "https://bugzilla.suse.com/963002", "https://bugzilla.suse.com/951608", "https://bugzilla.suse.com/954982"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-debugsource-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "ppc64le", "packageFilename": "ntp-debuginfo-4.2.8p6-46.5.2.ppc64le.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "3.1.12.4-8.2", "arch": "noarch", "packageFilename": "yast2-ntp-client-3.1.12.4-8.2.noarch.rpm", "packageName": "yast2-ntp-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "ppc64le", "packageFilename": "ntp-4.2.8p6-46.5.2.ppc64le.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-debugsource-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "3.1.12.4-8.2", "arch": "noarch", "packageFilename": "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch.rpm", "packageName": "yast2-ntp-client-devel-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-doc-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "s390x", "packageFilename": "ntp-debugsource-4.2.8p6-46.5.2.s390x.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "s390x", "packageFilename": "ntp-debuginfo-4.2.8p6-46.5.2.s390x.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "ppc64le", "packageFilename": "ntp-doc-4.2.8p6-46.5.2.ppc64le.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-debuginfo-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "ppc64le", "packageFilename": "ntp-debugsource-4.2.8p6-46.5.2.ppc64le.rpm", "packageName": "ntp-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "3.1.12.4-8.2", "arch": "noarch", "packageFilename": "yast2-ntp-client-3.1.12.4-8.2.noarch.rpm", "packageName": "yast2-ntp-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "s390x", "packageFilename": "ntp-4.2.8p6-46.5.2.s390x.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-debuginfo-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "x86_64", "packageFilename": "ntp-doc-4.2.8p6-46.5.2.x86_64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.2.8p6-46.5.2", "arch": "s390x", "packageFilename": "ntp-doc-4.2.8p6-46.5.2.s390x.rpm", "packageName": "ntp-doc", "operator": "lt"}], "description": "ntp was updated to version 4.2.8p6 to fix 28 security issues.\n\n Major functional changes:\n - The "sntp" commandline tool changed its option handling in a major way,\n some options have been renamed or dropped.\n - "controlkey 1" is added during update to ntp.conf to allow sntp to work.\n - The local clock is being disabled during update.\n - ntpd is no longer running chrooted.\n\n Other functional changes:\n - ntp-signd is installed.\n - "enable mode7" can be added to the configuration to allow ntdpc to work\n as compatibility mode option.\n - "kod" was removed from the default restrictions.\n - SHA1 keys are used by default instead of MD5 keys.\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n - CVE-2015-7871: NAK to the Future: Symmetric association authentication\n bypass via crypto-NAK (bsc#951608).\n - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#951608).\n - CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7853: Invalid length data provided by a custom refclock driver\n could cause a buffer overflow (bsc#951608).\n - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n - CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n - CVE-2015-7849: trusted key use-after-free (bsc#951608).\n - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n - CVE-2015-7703: configuration directives "pidfile" and "driftfile" should\n only be allowed locally (bsc#951608).\n - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate\n the origin timestamp field (bsc#951608).\n - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data\n packet length checks (bsc#951608).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n - Add a controlkey line to /etc/ntp.conf if one does not already exist to\n allow runtime configuuration via ntpq.\n - bsc#946386: Temporarily disable memlock to avoid problems due to high\n memory usage during name resolution.\n - bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n - Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n - Fix legacy action scripts to pass on command line arguments.\n - bsc#944300: Remove "kod" from the restrict line in ntp.conf.\n - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n - Add a controlkey to ntp.conf to make the above work.\n - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.\n - Disable mode 7 (ntpdc) again, now that we don't use it anymore.\n - Add "addserver" as a new legacy action.\n - bsc#910063: Fix the comment regarding addserver in ntp.conf.\n - bsc#926510: Disable chroot by default.\n - bsc#920238: Enable ntpdc for backwards compatibility.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-05-06T13:07:50", "title": "Security update for ntp (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7703", "CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7855", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7692", "CVE-2015-7851", "CVE-2015-7702", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "modified": "2016-05-06T13:07:50", "id": "SUSE-SU-2016:1247-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:46:49", "references": ["https://bugzilla.suse.com/905885", "https://bugzilla.suse.com/962966", "https://bugzilla.suse.com/946386", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/956773", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://bugzilla.suse.com/936327", "https://bugzilla.suse.com/920183", "https://bugzilla.suse.com/784760", "https://bugzilla.suse.com/962784", "https://bugzilla.suse.com/962988", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/951351", "https://bugzilla.suse.com/975981", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/962318", "https://bugzilla.suse.com/942441", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/942587", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/920238", "https://bugzilla.suse.com/962960", "https://bugzilla.suse.com/937837", "https://bugzilla.suse.com/926510", "https://bugzilla.suse.com/962997", "https://bugzilla.suse.com/910063", "https://bugzilla.suse.com/943216", "https://bugzilla.suse.com/944300", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/962994", "https://bugzilla.suse.com/963002", "https://bugzilla.suse.com/943218", "https://bugzilla.suse.com/951608", "https://bugzilla.suse.com/954982"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debugsource", "packageFilename": "ntp-debugsource-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "2.17.14.1-1.12.1", "packageName": "yast2-ntp-client", "packageFilename": "yast2-ntp-client-2.17.14.1-1.12.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debugsource", "packageFilename": "ntp-debugsource-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debugsource", "packageFilename": "ntp-debugsource-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debugsource", "packageFilename": "ntp-debugsource-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debuginfo", "packageFilename": "ntp-debuginfo-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debugsource", "packageFilename": "ntp-debugsource-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp", "packageFilename": "ntp-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-debugsource", "packageFilename": "ntp-debugsource-4.2.8p6-41.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "4.2.8p6-41.1", "packageName": "ntp-doc", "packageFilename": "ntp-doc-4.2.8p6-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This network time protocol server ntp was updated to 4.2.8p6 to fix the\n following issues:\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n Major functional changes:\n - The "sntp" commandline tool changed its option handling in a major way.\n - "controlkey 1" is added during update to ntp.conf to allow sntp to work.\n - The local clock is being disabled during update.\n - ntpd is no longer running chrooted.\n\n\n Other functional changes:\n - ntp-signd is installed.\n - "enable mode7" can be added to the configuration to allow ntdpc to work\n as compatibility mode option.\n - "kod" was removed from the default restrictions.\n - SHA1 keys are used by default instead of MD5 keys.\n\n These security issues were fixed:\n - CVE-2015-5219: An endless loop due to incorrect precision to double\n conversion (bsc#943216).\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n - CVE-2015-7871: NAK to the Future: Symmetric association authentication\n bypass via crypto-NAK (bsc#951608).\n - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#951608).\n - CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7853: Invalid length data provided by a custom refclock driver\n could cause a buffer overflow (bsc#951608).\n - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n - CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n - CVE-2015-7849: trusted key use-after-free (bsc#951608).\n - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n - CVE-2015-7703: configuration directives "pidfile" and "driftfile" should\n only be allowed locally (bsc#951608).\n - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate\n the origin timestamp field (bsc#951608).\n - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data\n packet length checks (bsc#951608).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n - Add a controlkey line to /etc/ntp.conf if one does not already exist to\n allow runtime configuuration via ntpq.\n - bsc#946386: Temporarily disable memlock to avoid problems due to high\n memory usage during name resolution.\n - bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n - Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n - Fix legacy action scripts to pass on command line arguments.\n - bsc#944300: Remove "kod" from the restrict line in ntp.conf.\n - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.\n - Disable mode 7 (ntpdc) again, now that we don't use it anymore.\n - Add "addserver" as a new legacy action.\n - bsc#910063: Fix the comment regarding addserver in ntp.conf.\n - bsc#926510: Disable chroot by default.\n - bsc#920238: Enable ntpdc for backwards compatibility.\n - bsc#784760: Remove local clock from default configuration.\n - bsc#942441/fate#319496: Require perl-Socket6.\n - Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n - bsc#920183: Allow -4 and -6 address qualifiers in "server" directives.\n - Use upstream ntp-wait, because our version is incompatible with the new\n ntpq command line syntax.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-05-17T15:09:17", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for ntp (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7703", "CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7855", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7692", "CVE-2015-7851", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "modified": "2016-05-17T15:09:17", "id": "SUSE-SU-2016:1311-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:46:49", "references": ["https://download.suse.com/patch/finder/?keywords=005fabcea379ebb53725d3077bfa4ba8", "https://bugzilla.suse.com/985065"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.13.18-0.20.1", "packageFilename": "yast2-ntp-client-2.13.18-0.20.1.noarch.rpm", "packageName": "yast2-ntp-client", "arch": "noarch", "operator": "lt"}], "edition": 1, "description": "The YaST2 NTP Client was updated to handle the presence of both xntp and\n ntp packages.\n\n If none are installed, "ntp" will be installed.\n\n Security Issues:\n\n * CVE-2016-4953\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953</a>>\n * CVE-2016-4954\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954</a>>\n * CVE-2016-4955\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955</a>>\n * CVE-2016-4956\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956</a>>\n * CVE-2016-4957\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957</a>>\n * CVE-2016-1547\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547</a>>\n * CVE-2016-1548\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548</a>>\n * CVE-2016-1549\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549</a>>\n * CVE-2016-1550\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550</a>>\n * CVE-2016-1551\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551</a>>\n * CVE-2016-2516\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516</a>>\n * CVE-2016-2517\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517</a>>\n * CVE-2016-2518\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518</a>>\n * CVE-2016-2519\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519</a>>\n * CVE-2015-8158\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158</a>>\n * CVE-2015-8138\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138</a>>\n * CVE-2015-7979\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979</a>>\n * CVE-2015-7978\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978</a>>\n * CVE-2015-7977\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977</a>>\n * CVE-2015-7976\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976</a>>\n * CVE-2015-7975\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975</a>>\n * CVE-2015-7974\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974</a>>\n * CVE-2015-7973\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973</a>>\n * CVE-2015-5300\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300</a>>\n * CVE-2015-5194\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194</a>>\n * CVE-2015-7871\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871</a>>\n * CVE-2015-7855\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855</a>>\n * CVE-2015-7854\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854</a>>\n * CVE-2015-7853\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853</a>>\n * CVE-2015-7852\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852</a>>\n * CVE-2015-7851\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851</a>>\n * CVE-2015-7850\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850</a>>\n * CVE-2015-7849\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849</a>>\n * CVE-2015-7848\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848</a>>\n * CVE-2015-7701\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701</a>>\n * CVE-2015-7703\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703</a>>\n * CVE-2015-7704\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704</a>>\n * CVE-2015-7705\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705</a>>\n * CVE-2015-7691\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691</a>>\n * CVE-2015-7692\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692</a>>\n * CVE-2015-7702\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702</a>>\n * CVE-2015-1798\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798</a>>\n * CVE-2015-1799\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>>\n\n\n", "reporter": "Suse", "published": "2016-08-17T21:08:25", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for yast2-ntp-client (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2015-7855", "CVE-2016-4953", "CVE-2015-7973", "CVE-2015-1799", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-7975", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7851", "CVE-2015-7702", "CVE-2016-4957", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2016-2519", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-1798", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2016-1549", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "modified": "2016-08-17T21:08:25", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html", "id": "SUSE-SU-2016:2094-1", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:46:06", "references": ["https://bugzilla.suse.com/905885", "https://bugzilla.suse.com/962966", "https://bugzilla.suse.com/920905", "https://bugzilla.suse.com/982056", "https://bugzilla.suse.com/977461", "https://bugzilla.suse.com/979302", "https://bugzilla.suse.com/962995", "https://bugzilla.suse.com/962970", "https://bugzilla.suse.com/916617", "https://bugzilla.suse.com/952611", "https://bugzilla.suse.com/982066", "https://bugzilla.suse.com/936327", "https://bugzilla.suse.com/977458", "https://bugzilla.suse.com/920183", "https://bugzilla.suse.com/784760", "https://bugzilla.suse.com/962784", "https://bugzilla.suse.com/982064", "https://bugzilla.suse.com/962988", "https://bugzilla.suse.com/988417", "https://download.suse.com/patch/finder/?keywords=e7685b9a0cc48dfc1cea383e011b438b", "https://bugzilla.suse.com/988558", "https://bugzilla.suse.com/951559", "https://bugzilla.suse.com/951351", "https://bugzilla.suse.com/975496", "https://bugzilla.suse.com/920895", "https://bugzilla.suse.com/977450", "https://bugzilla.suse.com/782060", "https://bugzilla.suse.com/982068", "https://bugzilla.suse.com/962318", "https://bugzilla.suse.com/981422", "https://bugzilla.suse.com/982065", "https://bugzilla.suse.com/943221", "https://bugzilla.suse.com/977455", "https://bugzilla.suse.com/977451", "https://bugzilla.suse.com/951629", "https://bugzilla.suse.com/962802", "https://bugzilla.suse.com/977452", "https://bugzilla.suse.com/920238", "https://bugzilla.suse.com/962960", "https://bugzilla.suse.com/926510", "https://bugzilla.suse.com/982067", "https://bugzilla.suse.com/924202", "https://bugzilla.suse.com/957226", "https://bugzilla.suse.com/920893", "https://bugzilla.suse.com/910063", "https://bugzilla.suse.com/944300", "https://bugzilla.suse.com/963000", "https://bugzilla.suse.com/977464", "https://bugzilla.suse.com/963002", "https://bugzilla.suse.com/943218", "https://bugzilla.suse.com/977457", "https://bugzilla.suse.com/988565", "https://bugzilla.suse.com/977459"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.2.8p8-0.7.1", "arch": "i586", "packageFilename": "ntp-4.2.8p8-0.7.1.i586.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.2.8p8-0.7.1", "arch": "s390x", "packageFilename": "ntp-4.2.8p8-0.7.1.s390x.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.2.8p8-0.7.1", "arch": "i586", "packageFilename": "ntp-doc-4.2.8p8-0.7.1.i586.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.2.8p8-0.7.1", "arch": "x86_64", "packageFilename": "ntp-4.2.8p8-0.7.1.x86_64.rpm", "packageName": "ntp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.2.8p8-0.7.1", "arch": "x86_64", "packageFilename": "ntp-doc-4.2.8p8-0.7.1.x86_64.rpm", "packageName": "ntp-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.2.8p8-0.7.1", "arch": "s390x", "packageFilename": "ntp-doc-4.2.8p8-0.7.1.s390x.rpm", "packageName": "ntp-doc", "operator": "lt"}], "description": "NTP was updated to version 4.2.8p8 to fix several security issues and to\n ensure the continued maintainability of the package.\n\n These security issues were fixed:\n\n * CVE-2016-4953: Bad authentication demobilized ephemeral associations\n (bsc#982065).\n * CVE-2016-4954: Processing spoofed server packets (bsc#982066).\n * CVE-2016-4955: Autokey association reset (bsc#982067).\n * CVE-2016-4956: Broadcast interleave (bsc#982068).\n * CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).\n * CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS\n (bsc#977459).\n * CVE-2016-1548: Prevent the change of time of an ntpd client or\n denying service to an ntpd client by forcing it to change from basic\n client/server mode to interleaved symmetric mode (bsc#977461).\n * CVE-2016-1549: Sybil vulnerability: ephemeral association attack\n (bsc#977451).\n * CVE-2016-1550: Improve security against buffer comparison timing\n attacks (bsc#977464).\n * CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y\n * CVE-2016-2516: Duplicate IPs on unconfig directives could have\n caused an assertion botch in ntpd (bsc#977452).\n * CVE-2016-2517: Remote configuration trustedkey/\n requestkey/controlkey values are not properly validated (bsc#977455).\n * CVE-2016-2518: Crafted addpeer with hmode > 7 causes array\n wraparound with MATCH_ASSOC (bsc#977457).\n * CVE-2016-2519: ctl_getitem() return value not always checked\n (bsc#977458).\n * CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).\n * CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n * CVE-2015-7979: Off-path Denial of Service (DoS) attack on\n authenticated broadcast mode (bsc#962784).\n * CVE-2015-7978: Stack exhaustion in recursive traversal of\n restriction list (bsc#963000).\n * CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n * CVE-2015-7976: ntpq saveconfig command allowed dangerous characters\n in filenames (bsc#962802).\n * CVE-2015-7975: nextvar() missing length check (bsc#962988).\n * CVE-2015-7974: NTP did not verify peer associations of symmetric\n keys when authenticating packets, which might have allowed remote\n attackers to conduct impersonation attacks via an arbitrary trusted\n key, aka a "skeleton" key (bsc#962960).\n * CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n * CVE-2015-5300: MITM attacker can force ntpd to make a step larger\n than the panic threshold (bsc#951629).\n * CVE-2015-5194: Crash with crafted logconfig configuration command\n (bsc#943218).\n * CVE-2015-7871: NAK to the Future: Symmetric association\n authentication bypass via crypto-NAK (bsc#952611).\n * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#952611).\n * CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#952611).\n * CVE-2015-7853: Invalid length data provided by a custom refclock\n driver could cause a buffer overflow (bsc#952611).\n * CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#952611).\n * CVE-2015-7851: saveconfig Directory Traversal Vulnerability\n (bsc#952611).\n * CVE-2015-7850: Clients that receive a KoD now validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).\n * CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).\n * CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).\n * CVE-2015-7703: Configuration directives "pidfile" and "driftfile"\n should only be allowed locally (bsc#943221).\n * CVE-2015-7704: Clients that receive a KoD should validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7705: Clients that receive a KoD should validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7691: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-7692: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-7702: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-1798: The symmetric-key feature in the receive function in\n ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC\n field has a nonzero length, which made it easier for\n man-in-the-middle attackers to spoof packets by omitting the MAC\n (bsc#924202).\n * CVE-2015-1799: The symmetric-key feature in the receive function in\n ntp_proto.c in ntpd in NTP performed state-variable updates upon\n receiving certain invalid packets, which made it easier for\n man-in-the-middle attackers to cause a denial of service\n (synchronization loss) by spoofing the source IP address of a peer\n (bsc#924202).\n\n These non-security issues were fixed:\n\n * Keep the parent process alive until the daemon has finished\n initialisation, to make sure that the PID file exists when the\n parent returns.\n * bsc#979302: Change the process name of the forking DNS worker\n process to avoid the impression that ntpd is started twice.\n * bsc#981422: Don't ignore SIGCHILD because it breaks wait().\n * Separate the creation of ntp.keys and key #1 in it to avoid problems\n when upgrading installations that have the file, but no key #1,\n which is needed e.g. by "rcntp addserver".\n * bsc#957226: Restrict the parser in the startup script to the first\n occurrance of "keys" and "controlkey" in ntp.conf.\n * Enable compile-time support for MS-SNTP (--enable-ntp-signd)\n * bsc#975496: Fix ntp-sntp-dst.patch.\n * bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path,\n which caused the synchronization to fail.\n * bsc#782060: Speedup ntpq.\n * bsc#951559: Fix the TZ offset output of sntp during DST.\n * bsc#916617: Add /var/db/ntp-kod.\n * bsc#951351: Add ntp-ENOBUFS.patch to limit a warning that might\n happen quite a lot on loaded systems.\n * Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n * bnc#784760: Remove local clock from default configuration.\n * Fix incomplete backporting of "rcntp ntptimemset".\n * bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n * Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.\n * bsc#910063: Fix the comment regarding addserver in ntp.conf.\n * bsc#944300: Remove "kod" from the restrict line in ntp.conf.\n * bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n * bsc#926510: Re-add chroot support, but mark it as deprecated and\n disable it by default.\n * bsc#920895: Drop support for running chrooted, because it is an\n ongoing source of problems and not really needed anymore, given that\n ntp now drops privileges and runs under apparmor.\n * bsc#920183: Allow -4 and -6 address qualifiers in "server"\n directives.\n * Use upstream ntp-wait, because our version is incompatible with the\n new ntpq command line syntax.\n * bsc#920905: Adjust Util.pm to the Perl version on SLE11.\n * bsc#920238: Enable ntpdc for backwards compatibility.\n * bsc#920893: Don't use %exclude.\n * bsc#988417: Default to NTPD_FORCE_SYNC_ON_STARTUP="yes"\n * bsc#988565: Ignore errors when removing extra files during\n uninstallation\n * bsc#988558: Don't blindly guess the value to use for IP_TOS\n\n Security Issues:\n\n * CVE-2016-4953\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953</a>>\n * CVE-2016-4954\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954</a>>\n * CVE-2016-4955\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955</a>>\n * CVE-2016-4956\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956</a>>\n * CVE-2016-4957\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957</a>>\n * CVE-2016-1547\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547</a>>\n * CVE-2016-1548\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548</a>>\n * CVE-2016-1549\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549</a>>\n * CVE-2016-1550\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550</a>>\n * CVE-2016-1551\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551</a>>\n * CVE-2016-2516\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516</a>>\n * CVE-2016-2517\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517</a>>\n * CVE-2016-2518\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518</a>>\n * CVE-2016-2519\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519</a>>\n * CVE-2015-8158\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158</a>>\n * CVE-2015-8138\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138</a>>\n * CVE-2015-7979\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979</a>>\n * CVE-2015-7978\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978</a>>\n * CVE-2015-7977\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977</a>>\n * CVE-2015-7976\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976</a>>\n * CVE-2015-7975\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975</a>>\n * CVE-2015-7974\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974</a>>\n * CVE-2015-7973\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973</a>>\n * CVE-2015-5300\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300</a>>\n * CVE-2015-5194\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194</a>>\n * CVE-2015-7871\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871</a>>\n * CVE-2015-7855\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855</a>>\n * CVE-2015-7854\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854</a>>\n * CVE-2015-7853\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853</a>>\n * CVE-2015-7852\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852</a>>\n * CVE-2015-7851\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851</a>>\n * CVE-2015-7850\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850</a>>\n * CVE-2015-7849\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849</a>>\n * CVE-2015-7848\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848</a>>\n * CVE-2015-7701\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701</a>>\n * CVE-2015-7703\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703</a>>\n * CVE-2015-7704\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704</a>>\n * CVE-2015-7705\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705</a>>\n * CVE-2015-7691\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691</a>>\n * CVE-2015-7692\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692</a>>\n * CVE-2015-7702\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702</a>>\n * CVE-2015-1798\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798</a>>\n * CVE-2015-1799\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>>\n\n\n", "edition": 1, "reporter": "Suse", "published": "2016-07-29T19:08:48", "title": "Security update for ntp (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2015-7855", "CVE-2016-4953", "CVE-2015-7973", "CVE-2015-1799", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-7975", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7851", "CVE-2015-7702", "CVE-2016-4957", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2016-2519", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-1798", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2016-1549", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "modified": "2016-07-29T19:08:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html", "id": "SUSE-SU-2016:1912-1", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:25", "references": ["http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.2_11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.3.90", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.2.8p6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp", "operator": "lt"}], "description": "\nNetwork Time Foundation reports:\n\nNTF's NTP Project has been notified of the following low-\n\t and medium-severity vulnerabilities that are fixed in\n\t ntp-4.2.8p6, released on Tuesday, 19 January 2016:\n\nBug 2948 / CVE-2015-8158: Potential Infinite Loop\n\t in ntpq. Reported by Cisco ASIG.\nBug 2945 / CVE-2015-8138: origin: Zero Origin\n\t Timestamp Bypass. Reported by Cisco ASIG.\nBug 2942 / CVE-2015-7979: Off-path Denial of\n\t Service (DoS) attack on authenticated broadcast\n\t mode. Reported by Cisco ASIG.\nBug 2940 / CVE-2015-7978: Stack exhaustion in\n\t recursive traversal of restriction list.\n\t Reported by Cisco ASIG.\nBug 2939 / CVE-2015-7977: reslist NULL pointer\n\t dereference. Reported by Cisco ASIG.\nBug 2938 / CVE-2015-7976: ntpq saveconfig command\n\t allows dangerous characters in filenames.\n\t Reported by Cisco ASIG.\nBug 2937 / CVE-2015-7975: nextvar() missing length\n\t check. Reported by Cisco ASIG.\nBug 2936 / CVE-2015-7974: Skeleton Key: Missing\n\t key check allows impersonation between authenticated\n\t peers. Reported by Cisco ASIG.\nBug 2935 / CVE-2015-7973: Deja Vu: Replay attack on\n\t authenticated broadcast mode. Reported by Cisco ASIG.\n\nAdditionally, mitigations are published for the following\n\t two issues:\n\nBug 2947 / CVE-2015-8140: ntpq vulnerable to replay\n\t attacks. Reported by Cisco ASIG.\nBug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc,\n\t disclose origin. Reported by Cisco ASIG.\n\n\n", "edition": 4, "reporter": "FreeBSD", "published": "2016-01-20T00:00:00", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-08-09T00:00:00", "id": "5237F5D7-C020-11E5-B397-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/5237f5d7-c020-11e5-b397-d050996490d0.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:14:19", "references": ["http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.2.8p7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.3_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.3.92", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}], "description": "\nNetwork Time Foundation reports:\n\nNTF's NTP Project has been notified of the following low-\n\t and medium-severity vulnerabilities that are fixed in\n\t ntp-4.2.8p7, released on Tuesday, 26 April 2016:\n\nBug 3020 / CVE-2016-1551: Refclock impersonation\n\t vulnerability, AKA: refclock-peering. Reported by\n\t Matt Street and others of Cisco ASIG\nBug 3012 / CVE-2016-1549: Sybil vulnerability:\n\t ephemeral association attack, AKA: ntp-sybil -\n\t MITIGATION ONLY. Reported by Matthew Van Gundy\n\t of Cisco ASIG\nBug 3011 / CVE-2016-2516: Duplicate IPs on\n\t unconfig directives will cause an assertion botch.\n\t Reported by Yihan Lian of the Cloud Security Team,\n\t Qihoo 360\nBug 3010 / CVE-2016-2517: Remote configuration\n\t trustedkey/requestkey values are not properly\n\t validated. Reported by Yihan Lian of the Cloud\n\t Security Team, Qihoo 360\nBug 3009 / CVE-2016-2518: Crafted addpeer with\n\t hmode > 7 causes array wraparound with MATCH_ASSOC.\n\t Reported by Yihan Lian of the Cloud Security Team,\n\t Qihoo 360\nBug 3008 / CVE-2016-2519: ctl_getitem() return\n\t value not always checked. Reported by Yihan Lian\n\t of the Cloud Security Team, Qihoo 360\nBug 3007 / CVE-2016-1547: Validate crypto-NAKs,\n\t AKA: nak-dos. Reported by Stephen Gray and\n\t Matthew Van Gundy of Cisco ASIG\nBug 2978 / CVE-2016-1548: Interleave-pivot -\n\t MITIGATION ONLY. Reported by Miroslav Lichvar of\n\t RedHat and separately by Jonathan Gardner of\n\t Cisco ASIG.\nBug 2952 / CVE-2015-7704: KoD fix: peer\n\t associations were broken by the fix for\n\t NtpBug2901, AKA: Symmetric active/passive mode\n\t is broken. Reported by Michael Tatarinov,\n\t NTP Project Developer Volunteer\nBug 2945 / Bug 2901 / CVE-2015-8138: Zero\n\t Origin Timestamp Bypass, AKA: Additional KoD Checks.\n\t Reported by Jonathan Gardner of Cisco ASIG\nBug 2879 / CVE-2016-1550: Improve NTP security\n\t against buffer comparison timing attacks,\n\t authdecrypt-timing, AKA: authdecrypt-timing.\n\t Reported independently by Loganaden Velvindron,\n\t and Matthew Van Gundy and Stephen Gray of\n\t Cisco ASIG.\n\n\n", "edition": 4, "reporter": "FreeBSD", "published": "2016-04-26T00:00:00", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2016-1550", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2016-1547", "CVE-2016-2519", "CVE-2016-2517", "CVE-2016-1549"], "modified": "2016-08-09T00:00:00", "id": "B2487D9A-0C30-11E6-ACD0-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/b2487d9a-0c30-11e6-acd0-d050996490d0.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:38", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2516", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8138", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4956", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7979", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7974", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4955", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-1547", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2518", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8158", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7975", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4954", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-1550", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-0727", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-1548", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7973", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7976", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7978", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7977"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1:4.2.6.p3+dfsg-1ubuntu3.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:4.2.8p4+dfsg-3ubuntu5.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ntp", "operator": "lt"}], "description": "Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547)\n\nMiroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516)\n\nYihan Lian discovered that NTP incorrectly handled certail peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518)\n\nJakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP AppArmor profile.", "edition": 3, "reporter": "Ubuntu", "published": "2016-10-05T00:00:00", "title": "NTP vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2016-0727", "CVE-2015-7973", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7976", "CVE-2015-7975", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-10-05T00:00:00", "id": "USN-3096-1", "href": "https://usn.ubuntu.com/3096-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:26:09", "references": [], "description": "USN-3096-1 NTP vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\nCanonical Ubuntu 14.04 LTS\n\n# Description\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547)\n\nMiroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516)\n\nYihan Lian discovered that NTP incorrectly handled certain peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518)\n\nJakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP AppArmor profile.\n\n# Affected Cloud Foundry Products and Versions\n\nSeverity is medium unless otherwise noted.\n\nCloud Foundry BOSH stemcells are vulnerable, including:\n\n * All versions prior to 3146.24\n * 3151.x versions prior to 3151.2\n * 3232.x versions prior to 3232.22\n * 3233.x versions prior to 3233.2\n * 3262.x versions prior to 3262.21\n * Other versions prior to 3263.7\n\n# Mitigation\n\nThe Cloud Foundry team recommends upgrading to the following BOSH stemcells:\n\n * Upgrade all versions prior to 3146.x to 3146.24\n * Upgrade 3151.x versions to 3151.2\n * Upgrade 3232.x versions to 3232.22\n * Upgrade 3233.x versions to 3233.2\n * Upgrade 3262.x versions to 3262.21\n * Upgrade other versions to 3263.7\n\n# Credit\n\nMatt Street, Aanchal Malhotra, Jonathan Gardner, Matthew Van Gundy, Stephen Gray, Loganaden Velvindron, Yihan Lian, Jakub Prokes, Miroslav Lichvar\n\n# References\n\n * <https://www.ubuntu.com/usn/usn-3096-1/>\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2016-12-21T00:00:00", "title": "USN-3096-1: NTP vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2016-0727", "CVE-2015-7973", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7976", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-12-21T00:00:00", "id": "CFOUNDRY:0B67E4FF46553AC705FD601C96C1A6B6", "href": "https://www.cloudfoundry.org/blog/usn-3096-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-09-05T16:46:03", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2519", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2518", "http://cwe.mitre.org/data/definitions/821.html", "http://cwe.mitre.org/data/definitions/821.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8138", "http://cwe.mitre.org/data/definitions/200.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2516", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7975", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1548", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8139", "http://cwe.mitre.org/data/definitions/476.html", "http://support.ntp.org/bin/view/Main/NtpBug2948", "http://support.ntp.org/bin/view/Main/NtpBug2946", "http://support.ntp.org/bin/view/Main/NtpBug2947", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2517", "http://cwe.mitre.org/data/definitions/294.html", "http://cwe.mitre.org/data/definitions/294.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1549", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1551", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8158", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8140", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7979", "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit", "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit", "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit", "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security", "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security", "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7977", "http://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7704", "http://cwe.mitre.org/data/definitions/290.html", "http://cwe.mitre.org/data/definitions/290.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1550", "http://cwe.mitre.org/data/definitions/125.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/20.html", "http://cwe.mitre.org/data/definitions/362.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1547", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7705", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7973", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7978", "http://www.ntp.org/downloads.html", "http://cwe.mitre.org/data/definitions/400.html", "http://cwe.mitre.org/data/definitions/400.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7976", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7974"], "description": "### Overview\n\nThe NTP.org reference implementation of `ntpd` contains multiple vulnerabilities.\n\n### Description\n\nNTP.org's reference implementation of NTP server, `ntpd`, contains multiple vulnerabilities. \n\n[**CWE-294**](<http://cwe.mitre.org/data/definitions/294.html>)**: Authentication Bypass by Capture-replay - **CVE-2015-7973 \n \nAn attacker on the network can record and replay authenticated broadcast mode packets. Also known as the \"Deja Vu\" attack. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7974 \n \nA missing key check allows impersonation between authenticated peers. Also known as the \"Skeleton Key\" attack. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7975 \n \nThe `nextvar()` function does not properly validate length. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7976 \n \n`ntpq saveconfig` command allows dangerous characters in filenames \n \n[**CWE-476**](<http://cwe.mitre.org/data/definitions/476.html>)**: NULL Pointer Dereference - **CVE-2015-7977 \n \n`reslist` NULL pointer dereference \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2015-7978 \n \nStack exhaustion in recursive traversal of restriction list \n \n[**CWE-821**](<http://cwe.mitre.org/data/definitions/821.html>)**: Incorrect Synchronization - **CVE-2015-7979 \n \nOff-path Denial of Service (DoS) attack on authenticated broadcast and other pre-emptable modes \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-8138 \n \nZero Origin Timestamp Bypass \n \n[**CWE-200**](<http://cwe.mitre.org/data/definitions/200.html>)**: Information Exposure - **CVE-2015-8139 \n \nNetwork Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability \n<http://support.ntp.org/bin/view/Main/NtpBug2946> \n \n[**CWE-294**](<http://cwe.mitre.org/data/definitions/294.html>)**: Authentication Bypass by Capture-replay - **CVE-2015-8140 \n \nNetwork Time Protocol ntpq Control Protocol Replay Vulnerability \n<http://support.ntp.org/bin/view/Main/NtpBug2947> \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2015-8158 \n \nPotential Infinite Loop in ntpq \n<http://support.ntp.org/bin/view/Main/NtpBug2948> \n \n[**CWE-821**](<http://cwe.mitre.org/data/definitions/821.html>)**: Incorrect Synchronization - **CVE-2016-1547 \n \nAn off-path attacker can deny service to `ntpd` clients by demobilizing preemptable associations using spoofed crypto-NAK packets. This vulnerability involves different code paths than those used by CVE-2015-7979. \n \n[**CWE-290**](<http://cwe.mitre.org/data/definitions/290.html>)**: Authentication Bypass by Spoofing - **CVE-2016-1548 \n \nBy spoofing packets from a legitimate server, an attacker can change the time of an` ntpd` client or deny service to an `ntpd` client by forcing it to change from basic client/server mode to interleaved symmetric mode. \n \n[**CWE-362**](<http://cwe.mitre.org/data/definitions/362.html>)**: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - **CVE-2016-1549 \n \nntpd does not prevent Sybil attacks from authenticated peers. An malicious authenticated peer can create any number of ephemeral associations in order to win ntpd's clock selection algorithm and modify a victim's clock. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2016-1550 \n \nntpd does not use a constant-time memory comparison function when validating the authentication digest on incoming packets. In some situations this may allow an attacker to conduct a timing attack to compute the value of the valid authentication digest causing forged packets to be accepted by `ntpd`. \n \n[**CWE-290**](<http://cwe.mitre.org/data/definitions/290.html>)**: Authentication Bypass by Spoofing - **CVE-2016-1551 \n \nntpd does not filter IPv4 bogon packets received from the network. This allows unauthenticated network attackers to spoof refclock packets to ntpd processes on systems that do not implement bogon filtering. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2016-2516, CVE-2016-2517 \n \nDuplicate IPs on `unconfig` directives will cause an assertion botch in `ntpd`. A regression caused by the patch for CVE-2016-2516 was fixed and identified as CVE-2016-2517. \n \n[**CWE-125**](<http://cwe.mitre.org/data/definitions/125.html>)**: Out-of-bounds Read - **CVE-2016-2518 \n \nUsing a crafted packet to create a peer association with hmode > 7 causes the MATCH_ASSOC() lookup to make an out-of-bounds reference. \n \n[**CWE-119**](<http://cwe.mitre.org/data/definitions/119.html>)**: Improper Restriction of Operations within the Bounds of a Memory Buffer - **CVE-2016-2519 \n \n`ntpq` and `ntpdc` can be used to store and retrieve information in `ntpd`. It is possible to store a data value that is larger than the size of the buffer that the `ctl_getitem()` function of `ntpd` uses to report the return value. If the length of the requested data value returned by `ctl_getitem()` is too large, the value NULL is returned instead. There are 2 cases where the return value from `ctl_getitem()` was not directly checked to make sure it's not NULL, but there are subsequent INSIST() checks that make sure the return value is not NULL. There are no data values ordinarily stored in `ntpd` that would exceed this buffer length. But if one has permission to store values and one stores a value that is \"too large\", then `ntpd` will abort if an attempt is made to read that oversized value. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7704**, **CVE-2015-7705 \n \nAn ntpd client that honors Kiss-of-Death (KoD) responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. \n \nFor more information on these vulnerabilities, please see NTP.org's [April 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>) as well as the [January 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>). \n \n--- \n \n### Impact\n\nUnauthenticated remote attackers may be able to spoof packets to cause denial of service, authentication bypass on commands, or certain configuration changes. For more information on these vulnerabilities, please see NTP.org's [April 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>) as well as the [January 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>). \n \n--- \n \n### Solution\n\n**Apply an update** \n \nPartial patches for some of these issues were initially released in January 2016 as version 4.2.8p6. Complete patches for all of these issues are now available in version [4.2.8p7](<http://www.ntp.org/downloads.html>), released 2016-04-26. Affected users are encouraged to update as soon as possible. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nNTP Project| | 19 Jan 2016| 22 Apr 2016 \nACCESS| | 25 Apr 2016| 25 Apr 2016 \nAlcatel-Lucent| | 25 Apr 2016| 25 Apr 2016 \nApple| | 25 Apr 2016| 25 Apr 2016 \nArista Networks, Inc.| | 25 Apr 2016| 25 Apr 2016 \nAruba Networks| | 25 Apr 2016| 25 Apr 2016 \nAT&T;| | 25 Apr 2016| 25 Apr 2016 \nAvaya, Inc.| | 25 Apr 2016| 25 Apr 2016 \nBelkin, Inc.| | 25 Apr 2016| 25 Apr 2016 \nBlue Coat Systems| | 25 Apr 2016| 25 Apr 2016 \nCA Technologies| | 25 Apr 2016| 25 Apr 2016 \nCentOS| | 25 Apr 2016| 25 Apr 2016 \nCheck Point Software Technologies| | 25 Apr 2016| 25 Apr 2016 \nCisco| | 08 Jan 2016| 08 Jan 2016 \nCoreOS| | 25 Apr 2016| 25 Apr 2016 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23718152 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 5.3 | E:POC/RL:OF/RC:C \nEnvironmental | 5.3 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>\n * <http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>\n\n### Credit\n\nThanks to Cisco TALOS for reporting many of these issues to us. The Network Time Foundation credits many researchers for these vulnerabilities; see NTP.org's January 2016 and April 2016 security advisories for the complete list.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n * CVE IDs: [CVE-2015-7704](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7704>) [CVE-2015-7705](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7705>) [CVE-2015-7973](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7973>) [CVE-2015-7974](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7974>) [CVE-2015-7975](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7975>) [CVE-2015-7976](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7976>) [CVE-2015-7977](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7977>) [CVE-2015-7978](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7978>) [CVE-2015-7979](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7979>) [CVE-2015-8138](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8138>) [CVE-2015-8139](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8139>) [CVE-2015-8140](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8140>) [CVE-2015-8158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8158>) [CVE-2016-1547](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1547>) [CVE-2016-1548](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1548>) [CVE-2016-1549](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1549>) [CVE-2016-1550](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1550>) [CVE-2016-1551](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1551>) [CVE-2016-2516](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2516>) [CVE-2016-2517](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2517>) [CVE-2016-2518](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2518>) [CVE-2016-2519](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2519>)\n * Date Public: 26 Apr 2016\n * Date First Published: 27 Apr 2016\n * Date Last Updated: 28 Apr 2016\n * Document Revision: 48\n\n", "edition": 7, "reporter": "CERT", "published": "2016-04-27T00:00:00", "title": "NTP.org ntpd contains multiple vulnerabilities", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-1548", "CVE-2016-1548", "CVE-2016-1548", "CVE-2016-2518", "CVE-2016-2518", "CVE-2016-2518", "CVE-2015-8140", "CVE-2015-8140", "CVE-2015-8140", "CVE-2015-8138", "CVE-2015-8138", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7973", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-7977", "CVE-2015-7977", "CVE-2016-1550", "CVE-2016-1550", "CVE-2016-1550", "CVE-2015-8158", "CVE-2015-8158", "CVE-2015-8158", "CVE-2016-2516", "CVE-2016-2516", "CVE-2016-2516", "CVE-2016-2516", "CVE-2015-7704", "CVE-2015-7704", "CVE-2015-7704", "CVE-2016-1551", "CVE-2016-1551", "CVE-2016-1551", "CVE-2015-7979", "CVE-2015-7979", "CVE-2015-7979", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-7976", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-8139", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7975", "CVE-2015-7975", "CVE-2016-1547", "CVE-2016-1547", "CVE-2016-1547", "CVE-2016-2519", "CVE-2016-2519", "CVE-2016-2519", "CVE-2016-2517", "CVE-2016-2517", "CVE-2016-2517", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-7705", "CVE-2015-7705", "CVE-2015-7974", "CVE-2015-7974", "CVE-2015-7974", "CVE-2016-1549", "CVE-2016-1549", "CVE-2016-1549", "CVE-2015-7978", "CVE-2015-7978", "CVE-2015-7978"], "modified": "2016-04-28T00:00:00", "id": "VU:718152", "href": "https://www.kb.cert.org/vuls/id/718152", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:00", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=572452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854", "https://bugs.gentoo.org/show_bug.cgi?id=563774", "https://bugs.gentoo.org/show_bug.cgi?id=584954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976", "https://bugs.gentoo.org/show_bug.cgi?id=581528", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.2.8_p8", "packageFilename": "UNKNOWN", "packageName": "net-misc/ntp", "arch": "all", "operator": "lt"}], "description": "### Background\n\nNTP contains software for the Network Time Protocol.\n\n### Description\n\nMultiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.8_p8\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2016-07-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "NTP: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2016-4956", "CVE-2015-8140", "CVE-2016-4955", "CVE-2015-8138", "CVE-2015-7855", "CVE-2016-4953", "CVE-2015-7973", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7851", "CVE-2015-7702", "CVE-2016-4957", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2016-2519", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-7974", "CVE-2015-7850", "CVE-2016-1549", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "modified": "2016-07-20T00:00:00", "id": "GLSA-201607-15", "href": "https://security.gentoo.org/glsa/201607-15", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:41", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using versions 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "edition": 3, "reporter": "Oracle", "published": "2016-07-19T00:00:00", "title": "Oracle Critical Patch Update - July 2016", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Sun Data Center InfiniBand Switch 36", "version": "2.2.2", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Internet Expenses", "version": "12.2.5", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.2.2", "operator": "le"}, {"name": "Enterprise Manager for Fusion Middleware", "version": "11.1.1.9", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "6u115", "operator": "le"}, {"name": "OJVM", "version": "12.1.0.2", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Sun Network 10GE Switch 72p", "version": "1.2", "operator": "le"}, {"name": "Oracle E-Business Suite Secure Enterprise Search", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.6", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.4.0", "operator": "le"}, {"name": "Outside In Technology", "version": "8.5.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.0.22", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.4", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.5.0", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "8.1.1", "operator": "le"}, {"name": "Oracle In-Memory Policy Analytics", "version": "12.0.1", "operator": "le"}, {"name": "Oracle Advanced Collections", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.0", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.3.0.1.0", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "12.0", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "2015", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.1.3", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.6.0", "operator": "le"}, {"name": "JDBC", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.2.0.2.0", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.8.0", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "2014", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Policy Automation for Mobile Devices", "version": "12.1.1", "operator": "le"}, {"name": "Java SE", "version": "8u92", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "13.4", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Utilities Network Management System", "version": "1.12.0.1.16", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "15.0", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "6.3", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1121", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "13.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.29", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.2", "operator": "le"}, {"name": "Primavera Contract Management", "version": "14.2", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "15.2", "operator": "le"}, {"name": "Oracle Utilities Network Management System", "version": "1.10.0.6.27", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "2.1.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.4.0", "operator": "le"}, {"name": "Java SE", "version": "7u101", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "2.x", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2320", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.11", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "15.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.55", "operator": "le"}, {"name": "Oracle Advanced Collections", "version": "12.1.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u92", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.5", "operator": "le"}, {"name": "JDBC", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "13.2", "operator": "le"}, {"name": "Oracle Communications Core Session Manager", "version": "7.3.5", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "4.1", "operator": "le"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.1", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.30", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "13.2", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "14.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.0.26", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.6", "operator": "le"}, {"name": "Oracle Communications Network Charging and Control", "version": "5.0.0.1.0", "operator": "le"}, {"name": "Oracle Internet Expenses", "version": "12.1.1", "operator": "le"}, {"name": "Siebel UI Framework", "version": "2015", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "12.0", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.3.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "5.1", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.1.3", "operator": "le"}, {"name": "Siebel Engineering - Installer and Deployment", "version": "2015", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.3", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "14.0", "operator": "le"}, {"name": "Oracle Application Express", "version": "5.0.4", "operator": "le"}, {"name": "Siebel Engineering - Installer and Deployment", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Communications Network Charging and Control", "version": "5.0.0.2.0", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.5.0", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Insurance Policy Administration J2EE", "version": "9.6.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.2.1.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.63", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Advanced Collections", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Communications EAGLE Application Processor", "version": "16.0", "operator": "le"}, {"name": "Oracle Utilities Network Management System", "version": "1.11.0.4.41", "operator": "le"}, {"name": "Oracle Retail Service Backbone", "version": "13.1", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "4.0.1", "operator": "le"}, {"name": "RDBMS", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "9.7.1", "operator": "le"}, {"name": "Portable Clusterware", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "12.1.0", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.5", "operator": "le"}, {"name": "Oracle Retail Service Backbone", "version": "15.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle One-to-One Fulfillment", "version": "12.2.3", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2280", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2.0.0", "operator": "le"}, {"name": "Oracle Demand Planning", "version": "12.2", "operator": "le"}, {"name": "Solaris Cluster", "version": "4.3", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "6u115", "operator": "le"}, {"name": "Oracle One-to-One Fulfillment", "version": "12.2.5", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "13.1", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.3.0", "operator": "le"}, {"name": "Oracle Internet Expenses", "version": "12.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "14.1", "operator": "le"}, {"name": "Oracle Internet Expenses", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Communications ASAP", "version": "7.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.49", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "13.0", "operator": "le"}, {"name": "Oracle TopLink", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "13.2", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.2.0.3.0", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.2.1.0.0", "operator": "le"}, {"name": "Oracle Knowledge", "version": "8.5.x", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.1.2", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.4", "operator": "le"}, {"name": "Oracle Advanced Inbound Telephony", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.0.1", "operator": "le"}, {"name": "Enterprise Manager for Fusion Middleware", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.2.4.0", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.4", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.3", "operator": "le"}, {"name": "Siebel Engineering - Installer and Deployment", "version": "2016", "operator": "le"}, {"name": "Oracle Retail Service Backbone", "version": "13.0", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "15.1", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "3.0.0", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.0", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.1.0.1.0", "operator": "le"}, {"name": "Oracle Financial Services Lending and Leasing", "version": "14.1", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.5", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.1.3", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Retail Service Backbone", "version": "14.0", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle Communications Policy Management", "version": "9.9.2", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.4", "operator": "le"}, {"name": "Data Pump Import", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.3.0", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.7.0", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.8.1", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.4", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.4", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.1.4", "operator": "le"}, {"name": "Oracle E-Business Suite Secure Enterprise Search", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.1.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "8u92", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.3.0.2.0", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "7.0", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.0.1", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "13.1", "operator": "le"}, {"name": "Oracle Advanced Inbound Telephony", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Communications Network Charging and Control", "version": "4.4.1.5.0", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Insurance Policy Administration J2EE", "version": "10.2.0", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Enterprise Communications Broker", "version": "2.0.0m4p1", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "1.x", "operator": "le"}, {"name": "OJVM", "version": "11.2.0.4", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.2", "operator": "le"}, {"name": "Oracle Health Sciences Clinical Development Center", "version": "3.1.1.x", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.4", "operator": "le"}, {"name": "Oracle FLEXCUBE Direct Banking", "version": "12.0.1", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Insurance Calculation Engine", "version": "9.7.1", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "2016", "operator": "le"}, {"name": "Outside In Technology", "version": "8.5.0", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle FLEXCUBE Direct Banking", "version": "12.0.3", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "16.1", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "8.0", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "2016", "operator": "le"}, {"name": "Oracle Communications Session Border Controller", "version": "7.2.0", "operator": "le"}, {"name": "Oracle Utilities Work and Asset Management", "version": "1.9.1.2.8", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.2.1.0.0", "operator": "le"}, {"name": "Oracle Financial Services Lending and Leasing", "version": "14.2", "operator": "le"}, {"name": "Java SE", "version": "6u115", "operator": "le"}, {"name": "Oracle Communications Network Charging and Control", "version": "5.0.1.0.0", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "5.2", "operator": "le"}, {"name": "Oracle Health Sciences Information Manager", "version": "3.0.1.0", "operator": "le"}, {"name": "Oracle Internet Expenses", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "9.6.1", "operator": "le"}, {"name": "Oracle Access Manager", "version": "10.1.4.x", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.6", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.1.0.2.0", "operator": "le"}, {"name": "RDBMS", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Communications Unified Session Manager", "version": "7.3.5", "operator": "le"}, {"name": "Oracle Demand Planning", "version": "12.1", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "2.2.0.0.0", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.4.1", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.3", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.3.1", "operator": "le"}, {"name": "Oracle Switch ES1-24", "version": "1.3", "operator": "le"}, {"name": "Siebel Engineering - Installer and Deployment", "version": "2014", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "2015", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.1.1", "operator": "le"}, {"name": "DB Sharding", "version": "12.1.0.2", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "12.2.1.0.0", "operator": "le"}, {"name": "OJVM", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Communications Core Session Manager", "version": "7.2.5", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.10", "operator": "le"}, {"name": "Oracle Utilities Framework", "version": "4.2.0.1.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.45", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.5", "operator": "le"}, {"name": "Oracle Insurance Policy Administration J2EE", "version": "10.2.2", "operator": "le"}, {"name": "JDBC", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.4.1", "operator": "le"}, {"name": "Oracle Insurance Calculation Engine", "version": "10.1.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.2", "operator": "le"}, {"name": "Oracle E-Business Suite Secure Enterprise Search", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Insurance Policy Administration J2EE", "version": "10.0.1", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.5", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "2014", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.2.2", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "13.1", "operator": "le"}, {"name": "Portable Clusterware", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Utilities Network Management System", "version": "1.11.0.5.4", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.1.3.0", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "12.2.1.0", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "7.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.12", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.2.0", "operator": "le"}, {"name": "Database Vault", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.1", "operator": "le"}, {"name": "Oracle Communications Network Charging and Control", "version": "5.0.2.0.0", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.3", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "Outside In Technology", "version": "8.5.2", "operator": "le"}, {"name": "Oracle TopLink", "version": "12.2.1.1", "operator": "le"}, {"name": "Oracle Insurance Policy Administration J2EE", "version": "9.7.1", "operator": "le"}, {"name": "Hyperion Financial Reporting", "version": "11.1.2.4", "operator": "le"}, {"name": "Oracle Health Sciences Clinical Development Center", "version": "3.1.2.x", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Communications Unified Session Manager", "version": "7.2.5", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "2.0.12", "operator": "le"}, {"name": "Oracle Retail Service Backbone", "version": "14.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "14.1", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.2", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "14.0", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "10.4.3", "operator": "le"}, {"name": "Oracle TopLink", "version": "12.2.1.0", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.0", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "13.1.0.0", "operator": "le"}, {"name": "Oracle Retail Central, Back Office, Returns Management", "version": "13.3", "operator": "le"}, {"name": "Oracle Communications Operations Monitor", "version": "3.3.92.0.0", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.26", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "8.2.2", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.5", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "14.0", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "11.1.1.8", "operator": "le"}, {"name": "Oracle Documaker", "version": "12.5", "operator": "le"}, {"name": "Solaris Cluster", "version": "3.3", "operator": "le"}, {"name": "ILOM", "version": "3.0", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Healthcare Analytics Data Integration", "version": "3.1.0.0.0", "operator": "le"}, {"name": "Database Vault", "version": "12.1.0.2", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.2.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.2", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.7", "operator": "le"}, {"name": "Sun Network QDR InfiniBand Gateway Switch", "version": "2.2.2", "operator": "le"}, {"name": "Oracle Internet Expenses", "version": "12.1.3", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.3.0", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.3.2", "operator": "le"}, {"name": "Oracle Communications ASAP", "version": "7.0", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.1.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "2016", "operator": "le"}, {"name": "Oracle E-Business Suite Secure Enterprise Search", "version": "12.1.3", "operator": "le"}, {"name": "Siebel Engineering - Installer and Deployment", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Policy Automation Connector for Siebel", "version": "10.4.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "7u101", "operator": "le"}, {"name": "ILOM", "version": "3.2", "operator": "le"}, {"name": "Oracle Utilities Network Management System", "version": "1.12.0.2.12.", "operator": "le"}, {"name": "Data Pump Import", "version": "12.1.0.1", "operator": "le"}, {"name": "Sun Blade 6000 Ethernet Switched NEM 24P 10GE", "version": "1.2", "operator": "le"}, {"name": "Data Pump Import", "version": "12.1.0.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.48", "operator": "le"}, {"name": "Oracle Advanced Inbound Telephony", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Insurance Calculation Engine", "version": "10.2.2", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.2", "operator": "le"}, {"name": "Oracle FLEXCUBE Direct Banking", "version": "12.0.2", "operator": "le"}, {"name": "Oracle Installed Base", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "7.0.5.37.0", "operator": "le"}, {"name": "40G 10G 72/64 Ethernet Switch", "version": "2.0.0", "operator": "le"}, {"name": "ILOM", "version": "3.1", "operator": "le"}, {"name": "Oracle Health Sciences Information Manager", "version": "2.0.2.3", "operator": "le"}, {"name": "Oracle One-to-One Fulfillment", "version": "12.1.1", "operator": "le"}, {"name": "Oracle One-to-One Fulfillment", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Policy Automation", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Insurance Policy Administration J2EE", "version": "10.1.2", "operator": "le"}, {"name": "Oracle Health Sciences Information Manager", "version": "1.2.8.3", "operator": "le"}, {"name": "Oracle Portal", "version": "11.1.1.6", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.4", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Solaris", "version": "11.3", "operator": "le"}, {"name": "Oracle Communications ASAP", "version": "7.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u101", "operator": "le"}, {"name": "Oracle Communications Session Border Controller", "version": "7.3.0", "operator": "le"}, {"name": "Oracle One-to-One Fulfillment", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "le"}, {"name": "Oracle One-to-One Fulfillment", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Retail Service Backbone", "version": "13.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "2014", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.9", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}], "cvelist": ["CVE-2015-5600", "CVE-2016-5465", "CVE-2015-4000", "CVE-2016-3446", "CVE-2016-3508", "CVE-2016-3547", "CVE-2016-3529", "CVE-2016-5452", "CVE-2016-5445", "CVE-2016-1548", "CVE-2016-2518", "CVE-2016-3485", "CVE-2016-3444", "CVE-2015-1792", "CVE-2014-3566", "CVE-2016-3552", "CVE-2015-0235", "CVE-2016-3615", "CVE-2015-1793", "CVE-2016-3491", "CVE-2016-3553", "CVE-2016-3477", "CVE-2016-3613", "CVE-2016-5477", "CVE-2016-3488", "CVE-2015-3197", "CVE-2016-3592", "CVE-2016-3573", "CVE-2016-3494", "CVE-2016-5466", "CVE-2016-5019", "CVE-2015-3236", "CVE-2016-3544", "CVE-2014-3572", "CVE-2016-0705", "CVE-2016-3545", "CVE-2016-3611", "CVE-2015-7181", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-5455", "CVE-2016-3574", "CVE-2015-8138", "CVE-2016-3500", "CVE-2016-5472", "CVE-2016-4051", "CVE-2016-3445", "CVE-2016-5454", "CVE-2016-3554", "CVE-2016-5458", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-3570", "CVE-2016-3432", "CVE-2016-3515", "CVE-2016-2108", "CVE-2016-5447", "CVE-2016-3474", "CVE-2016-3528", "CVE-2016-5440", "CVE-2016-3580", "CVE-2014-3571", "CVE-2016-5450", "CVE-2016-3496", "CVE-2016-3555", "CVE-2016-3596", "CVE-2016-1938", "CVE-2016-5468", "CVE-2016-3481", "CVE-2016-3563", "CVE-2016-0799", "CVE-2016-3539", "CVE-2016-3507", "CVE-2016-3584", "CVE-2016-3519", "CVE-2016-5460", "CVE-2016-3472", "CVE-2016-3583", "CVE-2016-5471", "CVE-2016-3511", "CVE-2016-3479", "CVE-2016-3499", "CVE-2013-2064", "CVE-2014-0224", "CVE-2016-5467", "CVE-2016-0635", "CVE-2016-3498", "CVE-2016-2105", "CVE-2016-3560", "CVE-2016-3514", "CVE-2016-5453", "CVE-2016-3440", "CVE-2016-4052", "CVE-2015-3194", "CVE-2016-2107", "CVE-2016-3607", "CVE-2016-3556", "CVE-2016-3512", "CVE-2016-3532", "CVE-2015-7501", "CVE-2016-1550", "CVE-2016-3475", "CVE-2015-3253", "CVE-2016-0701", "CVE-2016-3476", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-1182", "CVE-2015-7704", "CVE-2016-3585", "CVE-2016-5444", "CVE-2016-3538", "CVE-2014-8275", "CVE-2016-3452", "CVE-2015-7979", "CVE-2016-3549", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2014-3570", "CVE-2016-5451", "CVE-2015-7575", "CVE-2016-3577", "CVE-2016-3591", "CVE-2016-3567", "CVE-2016-3467", "CVE-2016-3537", "CVE-2016-3593", "CVE-2016-3606", "CVE-2016-5456", "CVE-2016-3468", "CVE-2016-3540", "CVE-2016-2109", "CVE-2016-3559", "CVE-2016-5476", "CVE-2015-2721", "CVE-2016-3530", "CVE-2015-3193", "CVE-2014-9708", "CVE-2016-5473", "CVE-2016-3568", "CVE-2016-3453", "CVE-2016-5464", "CVE-2016-5462", "CVE-2016-3490", "CVE-2016-3572", "CVE-2016-3513", "CVE-2012-3137", "CVE-2015-0228", "CVE-2016-3509", "CVE-2015-3237", "CVE-2016-3565", "CVE-2016-5437", "CVE-2016-3534", "CVE-2016-3503", "CVE-2015-7183", "CVE-2016-3550", "CVE-2015-1788", "CVE-2016-3525", "CVE-2016-3587", "CVE-2016-3561", "CVE-2016-3504", "CVE-2016-3581", "CVE-2016-3501", "CVE-2016-5457", "CVE-2016-1547", "CVE-2015-3183", "CVE-2016-3614", "CVE-2012-3410", "CVE-2016-5461", "CVE-2016-5439", "CVE-2015-0204", "CVE-2016-5449", "CVE-2016-3578", "CVE-2016-3527", "CVE-2016-0800", "CVE-2016-3489", "CVE-2016-3483", "CVE-2016-3433", "CVE-2016-5459", "CVE-2016-1181", "CVE-2016-3450", "CVE-2016-3524", "CVE-2016-5442", "CVE-2016-3564", "CVE-2016-5470", "CVE-2013-2566", "CVE-2016-2176", "CVE-2015-1790", "CVE-2016-3542", "CVE-2016-1978", "CVE-2016-3575", "CVE-2016-3531", "CVE-2016-3502", "CVE-2016-3459", "CVE-2016-5446", "CVE-2016-3480", "CVE-2016-3533", "CVE-2016-5469", "CVE-2016-3526", "CVE-2016-5448", "CVE-2016-3486", "CVE-2016-3448", "CVE-2016-5474", "CVE-2016-5436", "CVE-2016-3523", "CVE-2016-5441", "CVE-2016-5475", "CVE-2016-3576", "CVE-2016-3595", "CVE-2016-3610", "CVE-2016-3458", "CVE-2016-3484", "CVE-2016-3586", "CVE-2016-3520", "CVE-2016-3451", "CVE-2016-3582", "CVE-2015-5300", "CVE-2016-3497", "CVE-2016-3589", "CVE-2016-3517", "CVE-2016-3608", "CVE-2016-3510", "CVE-2016-3493", "CVE-2016-3536", "CVE-2016-3548", "CVE-2016-3506", "CVE-2016-3571", "CVE-2016-3487", "CVE-2016-3546", "CVE-2016-5463", "CVE-2016-3541", "CVE-2016-3081", "CVE-2016-3521", "CVE-2015-0205", "CVE-2016-4053", "CVE-2016-3579", "CVE-2016-5443", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-2106", "CVE-2016-3594", "CVE-2016-3478", "CVE-2016-3522", "CVE-2016-3535", "CVE-2016-3543", "CVE-2016-3612", "CVE-2014-3569", "CVE-2016-3470", "CVE-2016-3518", "CVE-2016-3516", "CVE-2015-1791", "CVE-2016-3569", "CVE-2016-3482", "CVE-2016-3590", "CVE-2015-8104", "CVE-2016-3609", "CVE-2016-3566", "CVE-2016-3469"], "modified": "2016-10-18T00:00:00", "id": "ORACLE:CPUJUL2016-2881720", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
