Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM24400C9D70BA9E11A467C03D5072550ABC0427709E1B129CDE6B8C00AC26633B
HistorySep 11, 2019 - 5:35 p.m.

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-zb

2019-09-1117:35:09
www.ibm.com
23

EPSS

0.964

Percentile

99.6%

JSON

Summary

AT&T has released versions 1801-zb for the Vyatta 5600.

Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches

Vulnerability Details

Relevant CVE Information:

CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntp_request.c. By sending a sending specially-crafted REQ_MON_GETLIST or REQ_MON_GETLIST_1 request, an attacker could exploit this vulnerability to consume available CPU resources and cause the server to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90143&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2019-13272 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by improper permission validation and improper object lifetime handling for PTRACE_TRACEME in the ptrace_link function. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163733&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

VRA - Vyatta 5600

Remediation/Fixes

Please contact IBM Cloud Support to request that the ISO for the 1801-za be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).

Related

nessus 58
cert 1
suse 1
threatpost 4
checkpoint_advisories 1
securityvulns 3
ibm 9
zdt 6
freebsd 1
packetstorm 4
openvas 33
exploitpack 2
slackware 2
debiancve 2
cve 2
prion 2
oraclelinux 8
f5 3
mageia 1
cvelist 2
amazon 4
aix 1
nvd 2
ubuntucve 2
fortinet 1
checkpoint_security 1
gentoo 1
freebsd_advisory 1
ics 1
thn 2
metasploit 2
githubexploit 6
osv 4
debian 4
attackerkb 1
redhatcve 1
fedora 1
cisa_kev 1
exploitdb 4
vmware 2
redhat 3
photon 2
ubuntu 4
cloudfoundry 1
cisa 2
nessus
nessus
AIX 6.1 TL 7 : ntp (IV58413)
2014-06-17 00:00:00
Oracle Linux 7 : ntp (ELSA-2016-3612)
2016-09-13 00:00:00
AIX 6.1 TL 8 : ntp (IV58068)
2014-06-17 00:00:00
cert
cert
NTP can be abused to amplify denial-of-service attack traffic
2014-01-10 00:00:00
suse
suse
DDoS reflection attacks in ntp
2014-01-20 17:05:38
threatpost
threatpost
Volume of NTP Amplification Attacks Getting Louder
2014-04-29 13:03:29
NTP Amplification Blamed for 400 Gbps DDoS Attack
2014-02-11 12:21:35
PointDNS Recovers from Massive DDoS Attack
2014-05-12 15:35:26
checkpoint_advisories
checkpoint_advisories
NTP Servers Monlist Command Denial of Service (CVE-2013-5211)
2014-01-19 00:00:00
securityvulns
securityvulns
ntp traffic amplification
2014-01-14 00:00:00
TA14-013A: NTP Amplification Attacks Using CVE-2013-5211
2014-01-14 00:00:00
[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service &#40;DoS&#41;
2014-01-14 00:00:00
ibm
ibm
Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)
2022-02-23 19:48:26
Security Bulletin: The IBM Chassis Management Module (CMM) is affected by a vulnerability in NTP server (CVE-2013-5211)
2019-01-31 01:25:01
Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerability (CVE-2013-5211)
2019-01-31 01:25:01
zdt
zdt
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-29 00:00:00
Linux PTRACE_TRACEME Local Root Exploit
2020-03-26 00:00:00
Linux Kernel 4.10 < 5.1.17 - PTRACE_TRACEME pkexec Local Privilege Escalation Exploit
2019-07-26 00:00:00
freebsd
freebsd
ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-01 00:00:00
packetstorm
packetstorm
NTP Amplification Denial Of Service Tool
2014-07-16 00:00:00
Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation
2021-11-23 00:00:00
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
2019-10-23 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1314)
2020-03-24 00:00:00
Juniper Networks Junos OS NTP Server Amplification Denial of Service Vulnerability
2014-07-31 00:00:00
Gentoo Security Advisory GLSA 201401-08
2015-09-29 00:00:00
exploitpack
exploitpack
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
Linux Kernel 4.10 5.1.17 - PTRACE_TRACEME pkexec Local Privilege Escalation
2019-07-24 00:00:00
slackware
slackware
ntp
2014-02-13 16:38:35
[slackware-security] Slackware 14.2 kernel
2019-07-22 04:08:19
debiancve
debiancve
CVE-2013-5211
2014-01-02 14:59:03
CVE-2019-13272
2019-07-17 13:15:10
cve
cve
CVE-2013-5211
2014-01-02 14:59:03
CVE-2019-13272
2019-07-17 13:15:10
prion
prion
Security feature bypass
2014-01-02 14:59:00
Design/Logic Flaw
2019-07-17 13:15:00
oraclelinux
oraclelinux
ntp security update
2016-09-09 00:00:00
ntp security update
2016-09-09 00:00:00
kernel security update
2019-08-19 00:00:00
f5
f5
SOL15154 - NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
K15154 : NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
K91025336 : Linux kernel vulnerability CVE-2019-13272
2019-08-30 00:00:00
mageia
mageia
Updated ntp packages work around security vulnerability
2014-01-31 20:44:56
cvelist
cvelist
CVE-2013-5211
2014-01-02 11:00:00
CVE-2019-13272
2019-07-17 12:32:55
amazon
amazon
Medium: ntp
2021-09-08 23:35:00
Important: kernel
2019-07-18 17:16:00
Important: kernel
2019-07-17 23:18:00
aix
aix
Network Time Protocol (NTP) vulnerability in AIX,Network Time Protocol (NTP) vulnerability in VIOS
2014-06-12 16:24:51
nvd
nvd
CVE-2013-5211
2014-01-02 14:59:03
CVE-2019-13272
2019-07-17 13:15:10
ubuntucve
ubuntucve
CVE-2019-13272
2019-07-17 00:00:00
CVE-2013-5211
2014-01-02 00:00:00
fortinet
fortinet
FortiAnalyzer could potentially be used in NTP amplification attacks
2020-06-22 00:00:00
checkpoint_security
checkpoint_security
Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)
2014-03-01 22:00:00
gentoo
gentoo
NTP: Traffic amplification
2014-01-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:02.ntpd
2014-01-14 00:00:00
ics
ics
NTP Reflection Attack
2018-09-06 12:00:00
thn
thn
Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack
2014-01-02 20:25:00
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
2024-06-22 11:28:00
metasploit
metasploit
NTP Monitor List Scanner
2010-01-27 23:25:17
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
2019-09-05 17:00:44
githubexploit
githubexploit
Exploit for Improper Privilege Management in Linux Linux Kernel
2019-08-07 01:21:26
Exploit for Improper Privilege Management in Linux Linux Kernel
2019-07-31 04:51:43
Exploit for Improper Privilege Management in Linux Linux Kernel
2019-07-31 06:36:21
osv
osv
CVE-2019-13272
2019-07-17 13:15:10
linux - security update
2019-07-20 00:00:00
linux-4.9 - security update
2019-07-23 00:00:00
debian
debian
[SECURITY] [DLA 1863-1] linux-4.9 security update
2019-07-23 17:48:52
[SECURITY] [DSA 4484-1] linux security update
2019-07-20 14:34:14
[SECURITY] [DSA 4484-1] linux security update
2019-07-20 14:34:14
attackerkb
attackerkb
CVE-2019-13272
2019-07-17 00:00:00
redhatcve
redhatcve
CVE-2019-13272
2019-10-16 06:44:39
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-headers-5.1.18-200.fc29
2019-07-19 03:07:30
cisa_kev
cisa_kev
Linux Kernel Improper Privilege Management Vulnerability
2021-12-10 00:00:00
exploitdb
exploitdb
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
2019-10-24 00:00:00
Linux Kernel 4.10 &lt; 5.1.17 - &#039;PTRACE_TRACEME&#039; pkexec Local Privilege Escalation
2019-07-24 00:00:00
vmware
vmware
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
redhat
redhat
(RHSA-2019:2411) Important: kernel security update
2019-08-07 14:59:04
(RHSA-2019:2405) Important: kernel-rt security update
2019-08-07 12:47:49
(RHSA-2019:2809) Important: kernel-alt security, bug fix, and enhancement update
2019-09-17 10:58:14
photon
photon
Critical Photon OS Security Update - PHSA-2019-0245
2019-07-24 00:00:00
Critical Photon OS Security Update - PHSA-2019-0175
2019-09-03 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-08-13 00:00:00
Linux kernel vulnerabilities
2019-08-13 00:00:00
Linux kernel (AWS) vulnerabilities
2019-09-02 00:00:00
cloudfoundry
cloudfoundry
USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
cisa
cisa
CISA Adds Thirteen Known Exploited Vulnerabilities to Catalog
2021-12-10 00:00:00
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
2021-12-10 00:00:00

EPSS

0.964

Percentile

99.6%

JSON
Related for 24400C9D70BA9E11A467C03D5072550ABC0427709E1B129CDE6B8C00AC26633B
nessus58cert1suse1threatpost4checkpoint_advisories1securityvulns3ibm9zdt6freebsd1packetstorm4openvas33exploitpack2slackware2debiancve2cve2prion2oraclelinux8f53mageia1cvelist2amazon4aix1nvd2ubuntucve2fortinet1checkpoint_security1gentoo1freebsd_advisory1ics1thn2metasploit2githubexploit6osv4debian4attackerkb1redhatcve1fedora1cisa_kev1exploitdb4vmware2redhat3photon2ubuntu4cloudfoundry1cisa2