Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager

2018-06-16T21:45:20

Description

## Summary There were multiple security vulnerabilities fixed in the IBM Security Privileged Identity Manager Product ## Vulnerability Details **CVEID:** [CVE-2016-2996](<https://vulners.com/cve/CVE-2016-2996>)** DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow an authenticated user to append lines to any file on the system due to an error with input validation. CVSS Base Score: 6.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114150> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) **CVEID:** [CVE-2015-5194](<https://vulners.com/cve/CVE-2015-5194>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. CVSS Base Score: 4.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107595> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-7692](<https://vulners.com/cve/CVE-2015-7692>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107450> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-5195](<https://vulners.com/cve/CVE-2015-5195>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107596> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-5219](<https://vulners.com/cve/CVE-2015-5219>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base Score: 4.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107597> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-7691](<https://vulners.com/cve/CVE-2015-7691>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107449> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-7701](<https://vulners.com/cve/CVE-2015-7701>)** DESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107444> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) **CVEID:** [CVE-2015-7702](<https://vulners.com/cve/CVE-2015-7702>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107451> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-7703](<https://vulners.com/cve/CVE-2015-7703>)** DESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the "pidfile" and "driftfile" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107445> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) **CVEID:** [CVE-2015-7852](<https://vulners.com/cve/CVE-2015-7852>)** DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base Score: 7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107439> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2015-7978](<https://vulners.com/cve/CVE-2015-7978>)** DESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110023> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-7977](<https://vulners.com/cve/CVE-2015-7977>)** DESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110022> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-7979](<https://vulners.com/cve/CVE-2015-7979>)** DESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. CVSS Base Score: 6.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110024> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) **CVEID:** [CVE-2016-1547](<https://vulners.com/cve/CVE-2016-1547>)** DESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 3.7 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112739> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2016-1548](<https://vulners.com/cve/CVE-2016-1548>)** DESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. CVSS Base Score: 7.2 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112740> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L) **CVEID:** [CVE-2016-1550](<https://vulners.com/cve/CVE-2016-1550>)** DESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. CVSS Base Score: 4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112742> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) **CVEID:** [CVE-2016-2518](<https://vulners.com/cve/CVE-2016-2518>)** DESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. CVSS Base Score: 2 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112746> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2015-5352](<https://vulners.com/cve/CVE-2015-5352>) ** DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. CVSS Base Score: 4.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104418> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) **CVEID:** [CVE-2015-6563](<https://vulners.com/cve/CVE-2015-6563>)** DESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. CVSS Base Score: 4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105881> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) **CVEID:** [CVE-2015-6564](<https://vulners.com/cve/CVE-2015-6564>)** DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. CVSS Base Score: 7.4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105882> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** DESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base Score: 6.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. CVSS Base Score: 4.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 8.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. CVSS Base Score: 4.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) **CVEID:** [CVE-2016-0353](<https://vulners.com/cve/CVE-2016-0353>)** DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. CVSS Base Score: 3.7 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111892> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) ## Affected Products and Versions IBM Security Privileged Identity Manager 2.0 ## Remediation/Fixes Affected Versions | Fix Availability ---|--- ISPIM 2.0| [ISPIM 2.0.2 Fixpack 8](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%2BSecurity&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0008&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true>) ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	ibm security privileged identity manager	2.0.2

{"id": "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager", "description": "## Summary\n\nThere were multiple security vulnerabilities fixed in the IBM Security Privileged Identity Manager Product\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-2996](<https://vulners.com/cve/CVE-2016-2996>)** \nDESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow an authenticated user to append lines to any file on the system due to an error with input validation. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114150> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [CVE-2015-5194](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107595> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2015-7692](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107450> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-5195](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107596> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-5219](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107597> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7691](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107449> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7701](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107444> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2015-7702](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107451> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7703](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107445> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-7852](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107439> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2015-7978](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110023> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7977](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110022> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2015-7979](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110024> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1547](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112739> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1548](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112740> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1550](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112742> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2016-2518](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112746> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [CVE-2015-5352](<https://vulners.com/cve/CVE-2015-5352>) \n** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104418> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [CVE-2015-6563](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105881> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-6564](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n**CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n**CVEID:** [CVE-2016-0353](<https://vulners.com/cve/CVE-2016-0353>)** \nDESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager 2.0\n\n## Remediation/Fixes\n\nAffected Versions\n\n| Fix Availability \n---|--- \nISPIM 2.0| [ISPIM 2.0.2 Fixpack 8](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%2BSecurity&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0008&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2018-06-16T21:45:20", "modified": "2018-06-16T21:45:20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, "href": "https://www.ibm.com/support/pages/node/549235", "reporter": "IBM", "references": [], "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-0353", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518", "CVE-2016-2996", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447"], "immutableFields": [], "lastseen": "2023-02-21T05:51:23", "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["NTP_ADVISORY4.ASC", "NTP_ADVISORY6.ASC", "NTP_ADVISORY7.ASC", "OPENSSH_ADVISORY5.ASC", "OPENSSH_ADVISORY6.ASC", "OPENSSH_ADVISORY7.ASC"]}, {"type": "altlinux", "idList": ["29E77B84F0912F2ABB753A2B43C020CA"]}, {"type": "amazon", "idList": ["ALAS-2015-568", "ALAS-2015-592", "ALAS-2015-593", "ALAS-2015-607", "ALAS-2015-625", "ALAS-2016-649", "ALAS-2016-708", "ALAS-2016-719", "ALAS-2016-727"]}, {"type": "apple", "idList": ["APPLE:08DDC9EE4E7DEBCD387FA33304B8E244", "APPLE:138B6A194013E2308AFAD7088D94B143", "APPLE:6675EF5C2567C41D8B07EDE19642D215", "APPLE:8DE1B81CB3F1FAE2DFA54423887EED84", "APPLE:A698320079BD7F6AF117CDE3A822068D", "APPLE:AD3C9159192D0BE1FCE85D24889D3B53", "APPLE:HT206899", "APPLE:HT206901", "APPLE:HT206902", "APPLE:HT206903", "APPLE:HT206904", "APPLE:HT206905"]}, {"type": "archlinux", "idList": ["ASA-201507-4", "ASA-201510-14", "ASA-201605-27"]}, {"type": "centos", "idList": ["CESA-2015:2088", "CESA-2016:0741", "CESA-2016:0780", "CESA-2016:1141", "CESA-2016:1292", "CESA-2016:2583"]}, {"type": "cert", "idList": ["VU:718152"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-1082"]}, {"type": "cisco", "idList": ["CISCO-SA-20151021-NTP", "CISCO-SA-20160127-NTPD", "CISCO-SA-20160428-NTPD"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0B67E4FF46553AC705FD601C96C1A6B6", "CFOUNDRY:DCC31D4961650B41BAF732BB0B28B011"]}, {"type": "cve", "idList": ["CVE-2015-5192", "CVE-2015-5193", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-0353", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518", "CVE-2016-2996", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4483", "CVE-2016-4956", "CVE-2016-4957", "CVE-2016-9596", "CVE-2016-9597"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1500-1:E6BD7", "DEBIAN:DLA-288-1:31147", "DEBIAN:DLA-288-1:36C61", "DEBIAN:DLA-335-1:922EB", "DEBIAN:DLA-503-1:11947", "DEBIAN:DLA-503-1:6F8B6", "DEBIAN:DLA-559-1:E64BA", "DEBIAN:DSA-3388-1:B971A", "DEBIAN:DSA-3593-1:95A95", "DEBIAN:DSA-3593-1:F14D3", "DEBIAN:DSA-3629-1:3CA50"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-5194", "DEBIANCVE:CVE-2015-5195", "DEBIANCVE:CVE-2015-5219", "DEBIANCVE:CVE-2015-5352", "DEBIANCVE:CVE-2015-6563", "DEBIANCVE:CVE-2015-6564", "DEBIANCVE:CVE-2015-7691", "DEBIANCVE:CVE-2015-7692", "DEBIANCVE:CVE-2015-7701", "DEBIANCVE:CVE-2015-7702", "DEBIANCVE:CVE-2015-7703", "DEBIANCVE:CVE-2015-7852", "DEBIANCVE:CVE-2015-7977", "DEBIANCVE:CVE-2015-7978", "DEBIANCVE:CVE-2015-7979", "DEBIANCVE:CVE-2016-1547", "DEBIANCVE:CVE-2016-1548", "DEBIANCVE:CVE-2016-1550", "DEBIANCVE:CVE-2016-2518", "DEBIANCVE:CVE-2016-3627", "DEBIANCVE:CVE-2016-3705", "DEBIANCVE:CVE-2016-4447", "DEBIANCVE:CVE-2016-4483", "DEBIANCVE:CVE-2016-4956", "DEBIANCVE:CVE-2016-4957", "DEBIANCVE:CVE-2016-9596", "DEBIANCVE:CVE-2016-9597"]}, {"type": "f5", "idList": ["F5:K02360853", "F5:K04403302", "F5:K05046514", "F5:K06288381", "F5:K11251130", "F5:K17263", "F5:K17461", "F5:K17516", "F5:K17517", "F5:K17529", "F5:K17530", "F5:K20804323", "F5:K23453330", "F5:K24322529", "F5:K40444230", "F5:K43205719", "F5:K54225343", "F5:K60352002", "F5:K63675293", "F5:K64505405", "SOL02360853", "SOL04403302", "SOL05046514", "SOL06288381", "SOL11251130", "SOL17263", "SOL17461", "SOL17516", "SOL17517", "SOL17529", "SOL17530", "SOL20804323", "SOL23453330", "SOL40444230", "SOL43205719", "SOL54225343", "SOL60352002", "SOL63675293"]}, {"type": "fedora", "idList": ["FEDORA:0429D60C85D7", "FEDORA:09EA7605EEEE", "FEDORA:0F42760C37F8", "FEDORA:16651604E476", "FEDORA:2C5E360874CA", "FEDORA:33F3A604C871", "FEDORA:3A6FF60779A2", "FEDORA:4007460D633E", "FEDORA:4228960617E1", "FEDORA:43935602185E", "FEDORA:4B961604A720", "FEDORA:6C28E6098B16", "FEDORA:7B66961B84A2", "FEDORA:8830E6049DEB", "FEDORA:AFA96612EFCF", "FEDORA:BF30B604EC08", "FEDORA:D1EB860677B7", "FEDORA:D6F3461C2306", "FEDORA:E91026051DE7"]}, {"type": "fortinet", "idList": ["FG-IR-16-035"]}, {"type": "freebsd", "idList": ["2920C449-4850-11E5-825F-C80AA9043978", "5237F5D7-C020-11E5-B397-D050996490D0", "B2487D9A-0C30-11E6-ACD0-D050996490D0", "C4A18A12-77FC-11E5-A687-206A8A720317", "E195679D-045B-4953-BB33-BE0073BA2AC6"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-15:25.NTP", "FREEBSD_ADVISORY:FREEBSD-SA-16:09.NTP", "FREEBSD_ADVISORY:FREEBSD-SA-16:16.NTP"]}, {"type": "gentoo", "idList": ["GLSA-201512-04", "GLSA-201607-15", "GLSA-201701-37"]}, {"type": "github", "idList": ["GHSA-5GGR-MPGW-3MGX", "GHSA-7JW3-5Q4W-89QG"]}, {"type": "hackerone", "idList": ["H1:293126"]}, {"type": "ibm", "idList": ["0538F1F70BAB5FCA45754EDBB09CAF9B10581B95803B856B7E3B3E1BA0EC5E25", "0D47C7769287938EB442E2F39E254DDE66244236B79EDE211167EFA894D23D52", "104BE807C8577FF816DF414B5A588FABB581711BB54758F6F49C7CAC17CD68BE", "114E585C40260A91CB9314D6E69C49EEB63BA74E9AE5EFA329A89D234E892812", "12780044E1A62D25F913723FBCBD5B926E91CC9AC8CA8FAA1DCE18D02D152689", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "1F1B1EC1594C7E19C2A176EDD701AA6199C4EBCB21A0B6EDACB2025E74C5B340", "1FEFA99A628B371AF9C2F1F278C6B1DF16518F0C3DBEEA0F5D263491A875731F", "200EB5D05FDD22F6EA7DB38F81D5DFDB97686B3E63B80F435FD2CC4BE274FC98", "23F8C1E67922626C0589CA86ED9B40D441D494E8B56CD8FF4A2EF76F18E6861F", "2406147E7F1A480D16DAF974D9B99C2725C43B01A994C65A6210C059B36B3A7F", "240E4A153FDD3A8964B6116AF3BBAAE543FEDD9CA876A2634452B1D556949026", "286378C830B748E29DFAEAB7AC19693EE4565D1CAB6189EAA20A975B835DFAD6", "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "2DD38E427DB50FDA5C4D07F52BDC62BA35206BA44BC185595E39ACAE88DD41C5", "3033CEC46BF22E7E12BC3CCFAA8D29B6F551CF4E9D9382E3751615A2B8453073", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "39CAE5EE9A0F3DE219E28E6A3BE90E3B8E089FF2AA4C74E8BE3A4E2714716AC5", "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "3C630E87CC8A98E980FC5838CF94096C676B99FA65014F79A0F1057053EEB9E0", "3CFF13ADA1D4912594BB3AC9D0D9ACB17881A208B1AD8998A1E8BD64DD6C5268", "3D32F9B38D46DF89EF7AEC91E44C48557AF1A0BE8B9EBD7772ADE328CB0FB68E", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3DAB255772B5C0465CD2A50FC27BF93D482025FE8D7247F3C147E19AC9F9AFD2", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3E49CBEB811DC6FB2148BB6760DCF7F4195742A227E331F2B6FC77F6E3E6FB47", "4370D15531D6232EC307EEAC2D2598CAE72B4AE33E8E993F50C2E5954C68FAE1", "4BD37C099764C81731DA3AA4637BAEEF6FB4F4E3785F77F55CBF8371598C955D", "4C7ABD6184F07492CD3E68920C652DDC7C12A362007F11DC73BF8127F338162D", "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7", "50F17354A0A89B52C1E061D02F78509C6F34AF2860DC46D6DFC82469E2AB6C29", "5AE60C27D7A7DC39A9E93670B36592CF2CC07C1742320F08877BBAD7F1E4DFA9", "6253D6195173C24D2F250E5EBA9E1FFC8DBDFC9645E89016FCD04E6F2D9EBEB3", "6366F9365DC3A4D56C669462E1CDF705517C5A22BD2429D5D47562A8B5941659", "637F608901EF8B9FD34455682320A8EBC1B665D4F6B5C7F53F3E57AE66C9AAAA", "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "6858032AD0022691AF88FEDCEF29BB4CEA50172EAD995CAB6463B91C16637C1C", "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "691466DAEE06683E49687F1AD61B1DE274EE44CA9F6E86B9BF8D7D76D6346999", "6A7C55E1DDEAA4CEA3662F3BC88E017205C0D5FDEC4D5937CBB10031914E4301", "6AB5B24B612744A794E7F28CC88F04C811F4BB9710FE31917EFCB65EDDDF7C9A", "6E3DD8D635F925ADFEC4EE4DA2F5B022F2EA3005D11E90E959C070E6C237363C", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "743DC93C2E4EF47CECE36F8B7C060480B640A7FAA0F558539F5D22DEB5ACF3B7", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "840E0B75D9A525859E6D257E20A9FBDAABF9390C554A5CEE157B1DD3B19422FA", "8525F7239C1CAD00E7619F2085AA69D3228C25DE2068E9816BB597E4AFC46B3F", "8585A81D2C6357431DB37ADDF4189DBBFAC913BE555A9B6483BF16E8E8705C85", "863FA459105EFBD6DCE605FC1459B4D8311ECF67250CF8C24ACC2170FE3FF7D1", "8731F85B75BA77CC3784CD784E98484D53CD189EA60F1F57A3A4EE351FF62B39", "896284C44F8FBF941AE90692DD004DBE6CFCB53EE30FD02FE0EF596C4EDDE82B", "8AECCBE0CD244EF2C1818D4560A2112EBDDE17CF922BC7869D4367156735AD72", "8C627560C2A762877E29FE93CE22539B681C95B5EA745BEE68F35C8128768B4E", "90B70E1993214101D9CBFD4EE28BC40E7D32800F9FA576E86104883F6EABE144", "9397B926A331589D0B25C1576B41F399C3D00F60E62ACC0BF739BEA5D9739F34", "9A198E29B89BC7B60DB81DBE742451F1FE624D98485E73FFD7FB3A3EC3F754E6", "9CC98367A213309185EDA7DC75FCDBBA5D5754142F33E0C8ED1B454D10CF416E", "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "A20DD20D95C60578C655644D1A8A4C9E587B5A7916261AE7A525E0C7B766C3AC", "A38279E551792BA29F1FA34034CD64E94266819C4862EDC7B206E7A748D269FD", "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "A58DA96E56F6C8713021FE70BABF6FE8D1BDE857288DB3839F4DC087C1E95668", "A6C7A5D5A08AEAC8E6361451B0B522DF672ED6DA9BA8855C94D460DC21C40626", "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "AC55B5CA914D3699B6FFB572364AB471AF9D451850945C25BB12A4641AA0A58C", "B4BA991763253D738BCAA9AB61AE50E1AA4C20D6F3366D5551C3051C29FEADB2", "BB7F77CD9AD35B7EE730FF331031F1B862553B69BC5A147FDE9AB8E45486503E", "BE523D88E9070A2DC41C20554C070BC6A203CA40E3C999CC7B9D52C82AF77DEF", "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "C270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8", "C6D76168198B9EF24D77F1D04BA06E30D33B0C7D71C8457114E69E1A43BB68AD", "C9594147E388237928595F1CF759F8EC355015BE6AC29A030A2FA3207D9B6DE4", "C9A098A495C84449FE37F5185D9511BAF41B34B7A322B48105FF2EE7EC21E28E", "C9B215C2E990733679984F0C6E86DB20EA1ED143683D79CFE88293360577ED49", "C9D56908C5941D51F8B700D0AEB133B65A72D4A5D3A7FAA2D989A477B71C954D", "CA6E3637DF88242A594D4031F99B9B52B31D310319B28927BA65F4CEA6A82F4D", "CCACF79B71B719DCED3056EA93C9CF9EF0251309B57479F56594DD483F2026B4", "CD1AEA82D347BCF45C817F297F91F17B63798AE3055B653759D8342B9405F1E0", "CF531CAC76DDBE4456F0820A7939858EA06E071B4052A5CE0992D88CE2442928", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D5D68C274689503F08DAB338007FECB9B03D6956ECF160CECB37263C1DB02BAC", "D5DA548187DF2EFE03F7040FF05BC360041CF8C1CFAF6CD126E5A8B7D72A93AC", "D75C787D719F6B509B47AAA92C0EBBE969DDCD2CD7BAA1800C224FD759790609", "D9F3546932BD432766323A6E9A562D656E3EAC77AAB6EE3AAADFF6008E59BC30", "DC20BBE5482A40A0BDAE82857A6E8472BDCBE4575896AE7B72100F6E785E7BF6", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "E432D69FD747FEBA35F4B0BF60914AF5A4926D2D00F81B81D0023873400BEE1C", "E5020E25CC0D31B3DD625C72F6EB591C437E68772CFDB40BEECC3F7C69328CB0", "EA4BC9A6E1BC28B39AE0C360DA599139777EC05EDFDC5120E91AC3051300D3E7", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "F2A538AF2ED1CAABCF5F0891DB02363ECADA659FE7F2989D3CCD7668E4585622", "F409CD49EEB82894701C6794E7636605DF8DB2E0BCBE414974A02F713F90F794", "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "F936FE55F38C08867ADBDA8E6F3802EAC3CA57726D86C3FDB2C0BC8583619B6F", "F9A935F07F0C2592550406829A333AA17FFA9DE5B312BF55A008E03FEAC4C43E", "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E"]}, {"type": "ics", "idList": ["ICSA-17-094-04", "ICSA-21-103-11", "ICSA-21-159-11", "ICSMA-20-184-01"]}, {"type": "jvn", "idList": ["JVN:03188560", "JVN:65044642"]}, {"type": "mageia", "idList": ["MGASA-2015-0271", "MGASA-2015-0348", "MGASA-2015-0413", "MGASA-2016-0039", "MGASA-2016-0174", "MGASA-2016-0187", "MGASA-2016-0219", "MGASA-2016-0244", "MGASA-2016-0263"]}, {"type": "nessus", "idList": ["9308.PRM", "9309.PRM", "9324.PRM", "9430.PRM", "9441.PRM", "AIX_IV79942.NASL", "AIX_IV79943.NASL", "AIX_IV79944.NASL", "AIX_IV79945.NASL", "AIX_IV79946.NASL", "AIX_IV83984.NASL", "AIX_IV83993.NASL", "AIX_IV83994.NASL", "AIX_IV83995.NASL", "AIX_IV84269.NASL", "AIX_IV87419.NASL", "AIX_IV87420.NASL", "AIX_IV87614.NASL", "AIX_IV87615.NASL", "AIX_IV87939.NASL", "AIX_NTP_V3_ADVISORY4.NASL", "AIX_NTP_V3_ADVISORY6.NASL", "AIX_NTP_V3_ADVISORY7.NASL", "AIX_NTP_V4_ADVISORY4.NASL", "AIX_NTP_V4_ADVISORY6.NASL", "AIX_NTP_V4_ADVISORY7.NASL", "AIX_OPENSSH_ADVISORY5.NASL", "AIX_OPENSSH_ADVISORY6.NASL", "ALA_ALAS-2015-568.NASL", "ALA_ALAS-2015-592.NASL", "ALA_ALAS-2015-593.NASL", "ALA_ALAS-2015-607.NASL", "ALA_ALAS-2015-625.NASL", "ALA_ALAS-2016-649.NASL", "ALA_ALAS-2016-708.NASL", "ALA_ALAS-2016-719.NASL", "ALA_ALAS-2016-727.NASL", "APPLETV_9_2_2.NASL", "APPLE_IOS_933_CHECK.NBIN", "ARISTA_EOS_SA0019.NASL", "CENTOS_RHSA-2015-2088.NASL", "CENTOS_RHSA-2016-0741.NASL", "CENTOS_RHSA-2016-0780.NASL", "CENTOS_RHSA-2016-1141.NASL", "CENTOS_RHSA-2016-1292.NASL", "CENTOS_RHSA-2016-2583.NASL", "DEBIAN_DLA-335.NASL", "DEBIAN_DLA-503.NASL", "DEBIAN_DLA-559.NASL", "DEBIAN_DSA-3388.NASL", "DEBIAN_DSA-3593.NASL", "DEBIAN_DSA-3629.NASL", "EULEROS_SA-2016-1060.NASL", "EULEROS_SA-2017-1124.NASL", "EULEROS_SA-2017-1125.NASL", "EULEROS_SA-2019-1555.NASL", "EULEROS_SA-2019-1556.NASL", "EULEROS_SA-2019-1798.NASL", "EULEROS_SA-2019-1858.NASL", "EULEROS_SA-2019-2013.NASL", "EULEROS_SA-2020-1208.NASL", "EULEROS_SA-2020-1474.NASL", "F5_BIGIP_SOL02360853.NASL", "F5_BIGIP_SOL05046514.NASL", "F5_BIGIP_SOL06288381.NASL", "F5_BIGIP_SOL11251130.NASL", "F5_BIGIP_SOL17263.NASL", "F5_BIGIP_SOL17461.NASL", "F5_BIGIP_SOL17516.NASL", "F5_BIGIP_SOL17517.NASL", "F5_BIGIP_SOL17529.NASL", "F5_BIGIP_SOL17530.NASL", "F5_BIGIP_SOL20804323.NASL", "F5_BIGIP_SOL24322529.NASL", "F5_BIGIP_SOL43205719.NASL", "F5_BIGIP_SOL54225343.NASL", "F5_BIGIP_SOL60352002.NASL", "F5_BIGIP_SOL63675293.NASL", "F5_BIGIP_SOL64505405.NASL", "FEDORA_2015-11063.NASL", "FEDORA_2015-11067.NASL", "FEDORA_2015-13469.NASL", "FEDORA_2015-14212.NASL", "FEDORA_2015-14213.NASL", "FEDORA_2015-77BFBC1BCD.NASL", "FEDORA_2015-F5F5EC7B6B.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-34BC10A2C8.NASL", "FEDORA_2016-5B2EB0BF9C.NASL", "FEDORA_2016-777D838C1B.NASL", "FEDORA_2016-8BB1932088.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2016-ED8C6C0426.NASL", "FEDORA_2017-A3A47973EB.NASL", "FEDORA_2017-BE8574D593.NASL", "FREEBSD_PKG_2920C449485011E5825FC80AA9043978.NASL", "FREEBSD_PKG_5237F5D7C02011E5B397D050996490D0.NASL", "FREEBSD_PKG_B2487D9A0C3011E6ACD0D050996490D0.NASL", "FREEBSD_PKG_C4A18A1277FC11E5A687206A8A720317.NASL", "FREEBSD_PKG_E195679D045B4953BB33BE0073BA2AC6.NASL", "GENTOO_GLSA-201512-04.NASL", "GENTOO_GLSA-201607-15.NASL", "GENTOO_GLSA-201701-37.NASL", "ITUNES_12_4_2.NASL", "ITUNES_12_4_2_BANNER.NASL", "JUNIPER_JSA10916.NASL", "JUNIPER_JSA10940.NASL", "JUNIPER_SPACE_JSA_10826.NASL", "LCE_4_8_1.NASL", "MACOSX_10_11_1.NASL", "MACOSX_10_11_6.NASL", "MACOSX_SECUPD2016-004.NASL", "NTP_4_2_8P4.NASL", "NTP_4_2_8P5.NASL", "NTP_4_2_8P6.NASL", "NTP_4_2_8P7.NASL", "OPENSSH_69.NASL", "OPENSSH_70.NASL", "OPENSUSE-2015-767.NASL", "OPENSUSE-2016-1525.NASL", "OPENSUSE-2016-578.NASL", "OPENSUSE-2016-583.NASL", "OPENSUSE-2016-599.NASL", "OPENSUSE-2016-649.NASL", "OPENSUSE-2016-662.NASL", "OPENSUSE-2016-733.NASL", "OPENSUSE-2016-734.NASL", "ORACLELINUX_ELSA-2015-2088.NASL", "ORACLELINUX_ELSA-2016-0741.NASL", "ORACLELINUX_ELSA-2016-0780.NASL", "ORACLELINUX_ELSA-2016-1141.NASL", "ORACLELINUX_ELSA-2016-1292.NASL", "ORACLELINUX_ELSA-2016-2583.NASL", "ORACLEVM_OVMSA-2016-0082.NASL", "ORACLEVM_OVMSA-2016-0087.NASL", "ORACLEVM_OVMSA-2017-0165.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2017.NASL", "PFSENSE_SA-15_08.NASL", "PFSENSE_SA-16_02.NASL", "REDHAT-RHSA-2015-2088.NASL", "REDHAT-RHSA-2016-0741.NASL", "REDHAT-RHSA-2016-0780.NASL", "REDHAT-RHSA-2016-1141.NASL", "REDHAT-RHSA-2016-1292.NASL", "REDHAT-RHSA-2016-1552.NASL", "REDHAT-RHSA-2016-2583.NASL", "SLACKWARE_SSA_2015-302-03.NASL", "SLACKWARE_SSA_2016-054-04.NASL", "SLACKWARE_SSA_2016-120-01.NASL", "SLACKWARE_SSA_2016-148-01.NASL", "SL_20151119_OPENSSH_ON_SL7_X.NASL", "SL_20160510_NTP_ON_SL6_X.NASL", "SL_20160510_OPENSSH_ON_SL6_X.NASL", "SL_20160531_NTP_ON_SL6_X.NASL", "SL_20160623_LIBXML2_ON_SL6_X.NASL", "SL_20161103_NTP_ON_SL7_X.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2015-1544-1.NASL", "SUSE_SU-2015-1547-1.NASL", "SUSE_SU-2015-1547-2.NASL", "SUSE_SU-2015-1581-1.NASL", "SUSE_SU-2015-1695-1.NASL", "SUSE_SU-2015-1840-1.NASL", "SUSE_SU-2015-2058-1.NASL", "SUSE_SU-2016-1175-1.NASL", "SUSE_SU-2016-1177-1.NASL", "SUSE_SU-2016-1204-1.NASL", "SUSE_SU-2016-1205-1.NASL", "SUSE_SU-2016-1247-1.NASL", "SUSE_SU-2016-1278-1.NASL", "SUSE_SU-2016-1291-1.NASL", "SUSE_SU-2016-1311-1.NASL", "SUSE_SU-2016-1538-1.NASL", "SUSE_SU-2016-1568-1.NASL", "SUSE_SU-2016-1604-1.NASL", "SUSE_SU-2016-1912-1.NASL", "SUSE_SU-2016-3193-1.NASL", "SUSE_SU-2016-3195-1.NASL", "SUSE_SU-2016-3196-1.NASL", "SUSE_SU-2017-0255-1.NASL", "UBUNTU_USN-2710-1.NASL", "UBUNTU_USN-2710-2.NASL", "UBUNTU_USN-2783-1.NASL", "UBUNTU_USN-2994-1.NASL", "UBUNTU_USN-3096-1.NASL", "WEBSPHERE_711865.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105317", "OPENVAS:1361412562310105666", "OPENVAS:1361412562310105668", "OPENVAS:1361412562310105726", "OPENVAS:1361412562310106510", "OPENVAS:1361412562310106754", "OPENVAS:1361412562310120092", "OPENVAS:1361412562310120093", "OPENVAS:1361412562310120114", "OPENVAS:1361412562310120597", "OPENVAS:1361412562310120615", "OPENVAS:1361412562310120639", "OPENVAS:1361412562310120697", "OPENVAS:1361412562310120708", "OPENVAS:1361412562310120716", "OPENVAS:1361412562310121426", "OPENVAS:1361412562310122744", "OPENVAS:1361412562310130039", "OPENVAS:1361412562310130107", "OPENVAS:1361412562310131100", "OPENVAS:1361412562310131203", "OPENVAS:1361412562310703388", "OPENVAS:1361412562310703593", "OPENVAS:1361412562310703629", "OPENVAS:1361412562310806049", "OPENVAS:1361412562310806052", "OPENVAS:1361412562310806128", "OPENVAS:1361412562310806148", "OPENVAS:1361412562310806533", "OPENVAS:1361412562310807227", "OPENVAS:1361412562310807293", "OPENVAS:1361412562310807567", "OPENVAS:1361412562310808023", "OPENVAS:1361412562310808312", "OPENVAS:1361412562310808467", "OPENVAS:1361412562310808523", "OPENVAS:1361412562310808530", "OPENVAS:1361412562310808538", "OPENVAS:1361412562310808563", "OPENVAS:1361412562310808568", "OPENVAS:1361412562310809478", "OPENVAS:1361412562310810210", "OPENVAS:1361412562310810227", "OPENVAS:1361412562310810748", "OPENVAS:1361412562310811253", "OPENVAS:1361412562310842409", "OPENVAS:1361412562310842418", "OPENVAS:1361412562310842504", "OPENVAS:1361412562310842783", "OPENVAS:1361412562310842905", "OPENVAS:1361412562310851300", "OPENVAS:1361412562310851310", "OPENVAS:1361412562310851318", "OPENVAS:1361412562310851331", "OPENVAS:1361412562310851336", "OPENVAS:1361412562310851340", "OPENVAS:1361412562310851341", "OPENVAS:1361412562310869736", "OPENVAS:1361412562310869737", "OPENVAS:1361412562310869911", "OPENVAS:1361412562310871506", "OPENVAS:1361412562310871612", "OPENVAS:1361412562310871613", "OPENVAS:1361412562310871622", "OPENVAS:1361412562310871634", "OPENVAS:1361412562310871685", "OPENVAS:1361412562310872590", "OPENVAS:1361412562310872591", "OPENVAS:1361412562310882495", "OPENVAS:1361412562310882500", "OPENVAS:1361412562310882513", "OPENVAS:1361412562310882515", "OPENVAS:1361412562310891500", "OPENVAS:1361412562311220161060", "OPENVAS:1361412562311220171124", "OPENVAS:1361412562311220171125", "OPENVAS:1361412562311220191555", "OPENVAS:1361412562311220191556", "OPENVAS:1361412562311220191798", "OPENVAS:1361412562311220191858", "OPENVAS:1361412562311220192013", "OPENVAS:1361412562311220201208", "OPENVAS:1361412562311220201474", "OPENVAS:703388", "OPENVAS:703593", "OPENVAS:703629"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2019", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2088", "ELSA-2016-0741", "ELSA-2016-0780", "ELSA-2016-1141", "ELSA-2016-1292", "ELSA-2016-2583", "ELSA-2017-3071"]}, {"type": "osv", "idList": ["OSV:DLA-1500-1", "OSV:DLA-1500-2", "OSV:DLA-288-1", "OSV:DLA-335-1", "OSV:DLA-503-1", "OSV:DLA-559-1", "OSV:DSA-3388-1", "OSV:DSA-3593-1", "OSV:DSA-3629-1", "OSV:GHSA-5GGR-MPGW-3MGX", "OSV:GHSA-7JW3-5Q4W-89QG"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136900"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0019"]}, {"type": "redhat", "idList": ["RHSA-2015:2088", "RHSA-2016:0741", "RHSA-2016:0780", "RHSA-2016:1141", "RHSA-2016:1292", "RHSA-2016:1552", "RHSA-2016:2583", "RHSA-2016:2957"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1181", "RH:CVE-2016-1182", "RH:CVE-2016-3705", "RH:CVE-2016-4447", "RH:CVE-2016-4483", "RH:CVE-2016-4953", "RH:CVE-2016-4956", "RH:CVE-2016-4957", "RH:CVE-2016-9597"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32566", "SECURITYVULNS:DOC:32649", "SECURITYVULNS:VULN:14702", "SECURITYVULNS:VULN:14751"]}, {"type": "seebug", "idList": ["SSV:96647", "SSV:96649", "SSV:96784", "SSV:96786", "SSV:96787"]}, {"type": "slackware", "idList": ["SSA-2015-302-03", "SSA-2016-054-04", "SSA-2016-120-01", "SSA-2016-148-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1292-1", "OPENSUSE-SU-2016:1329-1", "OPENSUSE-SU-2016:1594-1", "OPENSUSE-SU-2016:1595-1", "SUSE-SU-2015:1581-1", "SUSE-SU-2016:1175-1", "SUSE-SU-2016:1177-1", "SUSE-SU-2016:1247-1", "SUSE-SU-2016:1278-1", "SUSE-SU-2016:1291-1", "SUSE-SU-2016:1311-1", "SUSE-SU-2016:1471-1", "SUSE-SU-2016:1538-1", "SUSE-SU-2016:1568-1", "SUSE-SU-2016:1604-1", "SUSE-SU-2016:1912-1", "SUSE-SU-2016:2094-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "symantec", "idList": ["SMNTC-1335", "SMNTC-1337", "SMNTC-1350", "SMNTC-1377", "SMNTC-91068"]}, {"type": "talos", "idList": ["TALOS-2015-0063", "TALOS-2016-0074", "TALOS-2016-0075", "TALOS-2016-0076", "TALOS-2016-0081", "TALOS-2016-0082", "TALOS-2016-0084", "TALOS-2016-0203", "TALOS-2016-0204"]}, {"type": "ubuntu", "idList": ["USN-2710-1", "USN-2710-2", "USN-2783-1", "USN-2994-1", "USN-3096-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5194", "UB:CVE-2015-5195", "UB:CVE-2015-5219", "UB:CVE-2015-5352", "UB:CVE-2015-6563", "UB:CVE-2015-6564", "UB:CVE-2015-7691", "UB:CVE-2015-7692", "UB:CVE-2015-7701", "UB:CVE-2015-7702", "UB:CVE-2015-7703", "UB:CVE-2015-7852", "UB:CVE-2015-7977", "UB:CVE-2015-7978", "UB:CVE-2015-7979", "UB:CVE-2016-1181", "UB:CVE-2016-1182", "UB:CVE-2016-1547", "UB:CVE-2016-1548", "UB:CVE-2016-1550", "UB:CVE-2016-2518", "UB:CVE-2016-3627", "UB:CVE-2016-3705", "UB:CVE-2016-4447", "UB:CVE-2016-4483", "UB:CVE-2016-4953", "UB:CVE-2016-4956", "UB:CVE-2016-4957", "UB:CVE-2016-9596", "UB:CVE-2016-9597"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSH_ADVISORY7.ASC"]}, {"type": "amazon", "idList": ["ALAS-2015-568"]}, {"type": "apple", "idList": ["APPLE:HT206903"]}, {"type": "archlinux", "idList": ["ASA-201510-14"]}, {"type": "centos", "idList": ["CESA-2016:1141", "CESA-2016:1292"]}, {"type": "cert", "idList": ["VU:718152"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-1082"]}, {"type": "cisco", "idList": ["CISCO-SA-20151021-NTP"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0B67E4FF46553AC705FD601C96C1A6B6"]}, {"type": "cve", "idList": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-7691", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-3705", "CVE-2016-4447"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1500-1:E6BD7", "DEBIAN:DLA-559-1:E64BA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-5194", "DEBIANCVE:CVE-2015-7977", "DEBIANCVE:CVE-2016-1547", "DEBIANCVE:CVE-2016-1548", "DEBIANCVE:CVE-2016-3627", "DEBIANCVE:CVE-2016-3705", "DEBIANCVE:CVE-2016-4447"]}, {"type": "f5", "idList": ["F5:K05046514", "F5:K43205719", "F5:K64505405", "SOL02360853", "SOL17263", "SOL17461", "SOL17516", "SOL17517", "SOL17529", "SOL17530", "SOL20804323", "SOL23453330", "SOL43205719", "SOL60352002", "SOL63675293"]}, {"type": "fedora", "idList": ["FEDORA:16651604E476", "FEDORA:E91026051DE7"]}, {"type": "freebsd", "idList": ["2920C449-4850-11E5-825F-C80AA9043978", "5237F5D7-C020-11E5-B397-D050996490D0", "C4A18A12-77FC-11E5-A687-206A8A720317"]}, {"type": "gentoo", "idList": ["GLSA-201701-37"]}, {"type": "ibm", "idList": ["4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "743DC93C2E4EF47CECE36F8B7C060480B640A7FAA0F558539F5D22DEB5ACF3B7", "840E0B75D9A525859E6D257E20A9FBDAABF9390C554A5CEE157B1DD3B19422FA", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4"]}, {"type": "ics", "idList": ["ICSA-21-159-11"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/F5-BIG-IP-CVE-2016-3705/", "MSF:ILITIES/GENTOO-LINUX-CVE-2015-6564/", "MSF:ILITIES/IBM-AIX-CVE-2015-7691/", "MSF:ILITIES/IBM-AIX-CVE-2015-7692/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2016-3705/", "MSF:ILITIES/REDHAT_LINUX-CVE-2015-7701/", "MSF:ILITIES/SUSE-CVE-2015-7855/"]}, {"type": "nessus", "idList": ["9430.PRM", "AIX_IV79945.NASL", "ALA_ALAS-2016-708.NASL", "APPLE_IOS_933_CHECK.NBIN", "DEBIAN_DLA-335.NASL", "DEBIAN_DLA-503.NASL", "F5_BIGIP_SOL05046514.NASL", "F5_BIGIP_SOL17517.NASL", "F5_BIGIP_SOL24322529.NASL", "F5_BIGIP_SOL60352002.NASL", "FEDORA_2015-11067.NASL", "FEDORA_2015-77BFBC1BCD.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-5B2EB0BF9C.NASL", "FEDORA_2016-777D838C1B.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2016-ED8C6C0426.NASL", "ITUNES_12_4_2.NASL", "OPENSSH_69.NASL", "OPENSUSE-2015-767.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "REDHAT-RHSA-2016-0780.NASL", "REDHAT-RHSA-2016-1292.NASL", "SLACKWARE_SSA_2015-302-03.NASL", "SLACKWARE_SSA_2016-148-01.NASL", "SL_20151119_OPENSSH_ON_SL7_X.NASL", "SL_20160531_NTP_ON_SL6_X.NASL", "SUSE_SU-2015-1547-2.NASL", "SUSE_SU-2016-1538-1.NASL", "SUSE_SU-2016-1604-1.NASL", "UBUNTU_USN-2994-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122744", "OPENVAS:1361412562310806049", "OPENVAS:1361412562310807227", "OPENVAS:1361412562310808530", "OPENVAS:1361412562310872590", "OPENVAS:1361412562310882500", "OPENVAS:1361412562311220171125", "OPENVAS:1361412562311220191798"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2583"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136900"]}, {"type": "redhat", "idList": ["RHSA-2016:1292"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1181"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14751"]}, {"type": "seebug", "idList": ["SSV:96784"]}, {"type": "slackware", "idList": ["SSA-2016-054-04"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1247-1", "SUSE-SU-2016:1311-1"]}, {"type": "symantec", "idList": ["SMNTC-1350"]}, {"type": "talos", "idList": ["TALOS-2016-0084"]}, {"type": "ubuntu", "idList": ["USN-2710-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-1550"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm security privileged identity manager", "version": 2}]}, "epss": [{"cve": "CVE-2015-5194", "epss": "0.009410000", "percentile": "0.807240000", "modified": "2023-03-17"}, {"cve": "CVE-2015-5195", "epss": "0.010550000", "percentile": "0.817960000", "modified": "2023-03-17"}, {"cve": "CVE-2015-5219", "epss": "0.010330000", "percentile": "0.815930000", "modified": "2023-03-17"}, {"cve": "CVE-2015-5352", "epss": "0.012360000", "percentile": "0.833270000", "modified": "2023-03-17"}, {"cve": "CVE-2015-6563", "epss": "0.000440000", "percentile": "0.081930000", "modified": "2023-03-17"}, {"cve": "CVE-2015-6564", "epss": "0.000440000", "percentile": "0.081930000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7691", "epss": "0.022410000", "percentile": "0.877940000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7692", "epss": "0.045150000", "percentile": "0.911800000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7701", "epss": "0.062340000", "percentile": "0.924340000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7702", "epss": "0.012100000", "percentile": "0.831170000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7703", "epss": "0.577360000", "percentile": "0.971340000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7852", "epss": "0.045490000", "percentile": "0.912100000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7977", "epss": "0.007390000", "percentile": "0.779210000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7978", "epss": "0.046550000", "percentile": "0.913140000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7979", "epss": "0.046790000", "percentile": "0.913370000", "modified": "2023-03-17"}, {"cve": "CVE-2016-0353", "epss": "0.001550000", "percentile": "0.500940000", "modified": "2023-03-18"}, {"cve": "CVE-2016-1181", "epss": "0.022080000", "percentile": "0.876950000", "modified": "2023-03-17"}, {"cve": "CVE-2016-1182", "epss": "0.334130000", "percentile": "0.963580000", "modified": "2023-03-17"}, {"cve": "CVE-2016-1547", "epss": "0.005250000", "percentile": "0.733730000", "modified": "2023-03-17"}, {"cve": "CVE-2016-1548", "epss": "0.005480000", "percentile": "0.739420000", "modified": "2023-03-17"}, {"cve": "CVE-2016-1550", "epss": "0.004360000", "percentile": "0.707230000", "modified": "2023-03-17"}, {"cve": "CVE-2016-2518", "epss": "0.003010000", "percentile": "0.648040000", "modified": "2023-03-17"}, {"cve": "CVE-2016-2996", "epss": "0.000820000", "percentile": "0.332190000", "modified": "2023-03-18"}, {"cve": "CVE-2016-3627", "epss": "0.006970000", "percentile": "0.772010000", "modified": "2023-03-18"}, {"cve": "CVE-2016-3705", "epss": "0.009100000", "percentile": "0.803760000", "modified": "2023-03-18"}, {"cve": "CVE-2016-4447", "epss": "0.001810000", "percentile": "0.535640000", "modified": "2023-03-17"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1676958788, "score": 1698843920, "affected_software_major_version": 1677355290, "epss": 1679165106}, "_internal": {"score_hash": "55eafaec0b375c03c464d37390e1227e"}, "affectedSoftware": [{"version": "2.0.2", "operator": "eq", "name": "ibm security privileged identity manager"}]}

{"ibm": [{"lastseen": "2023-02-21T01:50:29", "description": "## Summary\n\nThere are multiple vulnerabilities in NTP that is used by IBM Security Network Protection. These vulnerabilities include CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, and CVE-2016-2518.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-5194_](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5195_](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7852_](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.10 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:43:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2018-06-16T21:43:27", "id": "840E0B75D9A525859E6D257E20A9FBDAABF9390C554A5CEE157B1DD3B19422FA", "href": "https://www.ibm.com/support/pages/node/281921", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:19", "description": "## Summary\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. \n \nIBM Security Access Manager for Mobile is affected by vulnerabilities in NTP. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5194_](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-5195_](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0, all firmware versions \n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0.0.0 - \n8.0.1.4| IV87150 | 1\\. For releases prior to 8.0.1.4, upgrade to 8.0.1.4: \n[8.0.1-ISS-ISAM-FP0004](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. Apply 8.0.1.4 Interim Fix 2: \n[8.0.1.4-ISS-ISAM-IF0002](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0| IV87153 | 1\\. For 9.0 environments, upgrade to 9.0.1.0: \n[IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n2\\. Apply 9.0.1.0 Interim Fix 4: \n[_9.0.1.0-ISS-ISAM-IF0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:45:47", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in NTP", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2018-06-16T21:45:47", "id": "A58DA96E56F6C8713021FE70BABF6FE8D1BDE857288DB3839F4DC087C1E95668", "href": "https://www.ibm.com/support/pages/node/550435", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:19", "description": "## Summary\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. \n \nIBM Security Access Manager for Web is affected by vulnerabilities in NTP. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5194_](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-5195_](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 appliances \n\nIBM Security Access Manager for Web 8.0, all firmware versions\n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 (appliance)| IV87108| Apply Interim Fix 26: \n[7.0.0-ISS-WGA-IF0026](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0.0.0 - \n8.0.1.4| IV87124 | 1\\. For versions prior to 8.0.1.4, upgrade to 8.0.1.4:[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n[_8.0.1-ISS-WGA-FP0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n2\\. Apply 8.0.1.4 Interim Fix 2: \n[_8.0.1.4-ISS-WGA-IF0002_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0| IV87153 | 1\\. For versions prior to 9.0.1.0, upgrade to 9.0.1.0: \n[IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n2\\. Apply 9.0.1.0 Interim Fix 4: \n[_9.0.1.0-ISS-ISAM-IF0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:45:47", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in NTP", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2018-06-16T21:45:47", "id": "CCACF79B71B719DCED3056EA93C9CF9EF0251309B57479F56594DD483F2026B4", "href": "https://www.ibm.com/support/pages/node/550431", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T01:50:25", "description": "## Summary\n\nVulnerabilities in Network Time Protocol (NTP) that is used by IBM Security Identity Governance\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5194_](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-5195_](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7852_](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence 5.2.1\n\n## Remediation/Fixes\n\nIBM Security Identity Governance and Intelligence\n\n| 5.2.1| None| [5.2.1.2-ISS-SIGI-IF003](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.1.0&platform=Linux&function=all>) \n---|---|---|--- \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:44:26", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Ntp affect IBM Security Identity Governance", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2018-06-16T21:44:26", "id": "4C7ABD6184F07492CD3E68920C652DDC7C12A362007F11DC73BF8127F338162D", "href": "https://www.ibm.com/support/pages/node/284655", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:52:30", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in Network Time Protocol (NTP). IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5194_](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-5195_](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5196_](<https://vulners.com/cve/CVE-2015-5196>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118816_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118816>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7852_](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7974_](<https://vulners.com/cve/CVE-2015-7974>)** \nDESCRIPTION:** NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110019_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110019>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8158_](<https://vulners.com/cve/CVE-2015-8158>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper processing of incoming packets by ntpq. By sending specially crafted data, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110026_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110026>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed as of 3.1.0.2 update 4 or later.\n\nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed as of PowerKVM 2.1.1.3-65 update 14 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n\nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-06-18T01:34:47", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in NTP affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2018-06-18T01:34:47", "id": "3E49CBEB811DC6FB2148BB6760DCF7F4195742A227E331F2B6FC77F6E3E6FB47", "href": "https://www.ibm.com/support/pages/node/630459", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:15:07", "description": "## Summary\n\nNTP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPower HMC V7.7.9.0 \nPower HMC V8.8.1.0 \nPower HMC V8.8.2.0 \nPower HMC V8.8.3.0 \nPower HMC V8.8.4.0 \nPower HMC V8.8.5.0\n\n## Remediation/Fixes\n\n \nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.9.0 SP3\n\n| \n\nMB04029\n\n| \n\n[MH01644](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V7R7.9.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.1.0 SP3\n\n| \n\nMB04030\n\n| \n\n[MH01645](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.1.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.2.0 SP2\n\n| \n\nMB04031\n\n| \n\n[MH01646](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.2.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.3.0 SP2\n\n| \n\nMB04032\n\n| \n\n[MH01647](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.3.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.4.0 SP1\n\n| \n\nMB04033\n\n| \n\n[MH01648](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.4.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.5.0\n\n| \n\nMB04035\n\n| \n\n[MH01651](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.5.0&platform=All>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in NTP affect Power Hardware Management Console", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7703", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2021-09-23T01:31:39", "id": "6366F9365DC3A4D56C669462E1CDF705517C5A22BD2429D5D47562A8B5941659", "href": "https://www.ibm.com/support/pages/node/667371", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:22", "description": "## Summary\n\nThere are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0351_](<https://vulners.com/cve/CVE-2016-0351>)** \nDESCRIPTION:** IBM Security Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0367_](<https://vulners.com/cve/CVE-2016-0367>)** \nDESCRIPTION:** IBM Security Identity Manager Virtual Appliance displays sensitive information in an error message that an authenticated user could use to perform further attacks against the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112072_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112072>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0353_](<https://vulners.com/cve/CVE-2016-0353>)** \nDESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111892_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111892>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-1762_](<https://vulners.com/cve/CVE-2016-1762>)** \nDESCRIPTION:** Apple Safari and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111628_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111628>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-1833_](<https://vulners.com/cve/CVE-2016-1833>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1834_](<https://vulners.com/cve/CVE-2016-1834>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1835_](<https://vulners.com/cve/CVE-2016-1835>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113329_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113329>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1836_](<https://vulners.com/cve/CVE-2016-1836>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113330_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113330>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1837_](<https://vulners.com/cve/CVE-2016-1837>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113331_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113331>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1838_](<https://vulners.com/cve/CVE-2016-1838>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113332_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113332>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4448_](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4449_](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1839_](<https://vulners.com/cve/CVE-2016-1839>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113333_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113333>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1840_](<https://vulners.com/cve/CVE-2016-1840>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113334_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113334>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3627_](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [_CVE-2015-5194_](<https://vulners.com/cve/CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-5195_](<https://vulners.com/cve/CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<https://vulners.com/cve/CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7852_](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n \n\n\n## Affected Products and Versions\n\nIBM Security Identity Manager Virtual Appliance versions 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.1.0, 7.0.1.1, 7.0.1.3\n\n## Remediation/Fixes\n\nEnsure that the version listed below is installed on the system. \n\nProduct Version| Fix level \n---|--- \nIBM Security Identity Manager (ISIM) Virtual Appliance releases 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.1.0, 7.0.1.1, 7.0.1.3 \n \nNote: Interim Fix 1 (7.0.1.3-ISS-SIM-IF0001) requires ISIM fix pack 7.0.1.3 (7.0.1-ISS-SIM-FP0003) to be installed first. The 7.0.1.3 fix pack is available on Fix Central. \n \nUpgrading from firmware version 7.0.0.0 to 7.0.1.3 requires intermediate upgrade to 7.0.0.2 or 7.0.1.0. Upgrading from 7.0.0.2 or later requires no intermediate upgrade.| Apply \nIBM Security Identity Manager (ISIM)[ 7.0.1.3-ISS-SIM-IF0002](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1.3-ISS-SIM-IF0002&source=SAR>) \n \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:45:37", "type": "ibm", "title": "Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-0351", "CVE-2016-0353", "CVE-2016-0367", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2518", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:45:37", "id": "C9A098A495C84449FE37F5185D9511BAF41B34B7A322B48105FF2EE7EC21E28E", "href": "https://www.ibm.com/support/pages/node/549933", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:39:36", "description": "## Summary\n\nNTP, OpenSSL, GNU glibc and Libreswan are used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets wen configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n \n \n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2015-7852_](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7704_](<https://vulners.com/cve/CVE-2015-7704>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By sending spoofed Kiss-o'-Death packets, an attacker could exploit this vulnerability to disable NTP at a victim client. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107446_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107446>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7977_](<https://vulners.com/cve/CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<https://vulners.com/cve/CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2015-8138_](<https://vulners.com/cve/CVE-2015-8138>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending a specially crafted packet with an origin timestamp of zero, an attacker could exploit this vulnerability to bypass the timestamp validation check. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110025_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110025>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-8158_](<https://vulners.com/cve/CVE-2015-8158>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper processing of incoming packets by ntpq. By sending specially crafted data, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110026_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110026>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5229_](<https://vulners.com/cve/CVE-2015-5229>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the return of memory areas containing non-zero bytes by the calloc implementation. A remote attacker could exploit this vulnerability to cause the application to crash or hang. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110711_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110711>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2109_](<https://vulners.com/cve/CVE-2016-2109>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory allocation error. By reading specially crafted ASN.1 data from a BIO using functions such as d2i_CMS_bio(), an attacker could exploit this vulnerability to consume all available resources and exhaust memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2107_](<https://vulners.com/cve/CVE-2016-2107>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error when the connection uses an AES CBC cipher and the server support AES-NI. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt traffic. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2105_](<https://vulners.com/cve/CVE-2016-2105>)** \nDESCRIPTION:** OpenSSL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the EVP_EncodeUpdate() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2106_](<https://vulners.com/cve/CVE-2016-2106>)** \nDESCRIPTION:** OpenSSL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the EVP_EncryptUpdate() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Netezza Host Management 5.4.5.0 (and prior releases).\n\n## Remediation/Fixes\n\n[IBM Netezza Host Management 5.4.6.0 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%CB%9CInformation+Management&product=ibm/Information+Management/Netezza+Platform&release=HOSTMGMT_5&platform=All&function=fixId&fixids=5.4.6.0-IM-Netezza-HOSTMGMT-fp112150>) \n \n\n\n \n| 3-disk set for IBM Netezza Host Management v5.4.6. The nz-hostmgmt-v5.4.6.0.tar.gz file and Disk 1 are the Host Management software for IBM PureData System for Analytics N3001, N200x, N100x, and IBM Netezza C1000/1000/100. Also included is the Guardium Installation Manager GIM. The content of Disk 1 is the same as Host Management 5.4.4. Disk 2 contains critical patches as of July 2016 to RHEL 5.x for N100x, and IBM Netezza C1000/1000/100 systems. Disk 3 contains critical patches as of July 2016 to RHEL 6.x for N200x/N3001 systems. \n---|--- \nFor more details on IBM Netezza Host Management security patching: \n\n * [_Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615012>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in NTP, OpenSSL and GNU glibc affect IBM Netezza Host Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1798", "CVE-2015-1799", "CVE-2015-5229", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2518"], "modified": "2019-10-18T03:10:29", "id": "D5D68C274689503F08DAB338007FECB9B03D6956ECF160CECB37263C1DB02BAC", "href": "https://www.ibm.com/support/pages/node/283149", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T21:41:16", "description": "## Summary\n\nIBM SmartCloud Entry is vulnerable to multiple OpenSSH vulnerabilities. An attacker could exploit these vulnerabilities to bypass XSECURITY restrictions, conduct impersonation attacks, or gain elevated privileges on the system. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5352_](<https://vulners.com/cve/CVE-2015-5352>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 21 \nIBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 21\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM SmartCloud Entry| 2.2| None| IBM SmartCloud Entry 2.2.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 22: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR>) \nIBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 22: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: Openssh vulnerabilities affect IBM SmartClound Entry (CVE-2015-5352 CVE-2015-6563 CVE-2015-6564)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2020-07-19T00:49:12", "id": "240E4A153FDD3A8964B6116AF3BBAAE543FEDD9CA876A2634452B1D556949026", "href": "https://www.ibm.com/support/pages/node/629381", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:24", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSH, which is used by IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5352_](<https://vulners.com/cve/CVE-2015-5352>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.10 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.3| Install Firmware 5.3.3.1 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:45:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2015-5352, CVE-2015-6563, and CVE-2015-6564)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-06-16T21:45:01", "id": "9A198E29B89BC7B60DB81DBE742451F1FE624D98485E73FFD7FB3A3EC3F754E6", "href": "https://www.ibm.com/support/pages/node/548167", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:15", "description": "## Summary\n\nIBM Security Identity Governance 5.2.1 appliances are affected by a vulnerability in openssh.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5352_](<https://vulners.com/cve/CVE-2015-5352>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence 5.2.1 Virtual Appliance\n\n## Remediation/Fixes\n\nProduct Name \n\n| VRMF | APAR| Remediation/Fix \n---|---|---|--- \nIBM Security Identity Governance and Intelligence| 5.2.1| None| [ ](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.0.0&platform=Linux&function=all>)[5.2.1.3-ISS-SIGI-IF0004 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.1.0&platform=Linux&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:46:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Open Source openssh affect IBM Security Identity Governance Appliance (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-06-16T21:46:31", "id": "0538F1F70BAB5FCA45754EDBB09CAF9B10581B95803B856B7E3B3E1BA0EC5E25", "href": "https://www.ibm.com/support/pages/node/552173", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:11", "description": "## Summary\n\nVulnerabilities have been identified in OpenSSH. IBM Security Access Manager appliances use OpenSSH and are affected by these vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5352_](<https://vulners.com/cve/CVE-2015-5352>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 appliances \n\nIBM Security Access Manager for Web 8.0, all firmware versions\n\nIBM Security Access Manager for Mobile 8.0, all firmware versions\n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 (appliance)| IV90714| Apply Interim Fix 28: \n[7.0.0-ISS-WGA-IF0028](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0.0.0 - \n8.0.1.4| IV90643| Upgrade to 8.0.1.5:[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n[_8.0.1-ISS-WGA-FP0005_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager for Mobile| 8.0.0.0 - \n8.0.1.4| IV90697| Upgrade to 8.0.1.5: \n[8.0.1-ISS-ISAM-FP0005](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0 - \n9.0.1.0| IV90477| Upgrade to 9.0.2.0: \n[IBM Security Access Manager V9.0.2 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-16T21:47:29", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in OpenSSH (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-06-16T21:47:29", "id": "DC20BBE5482A40A0BDAE82857A6E8472BDCBE4575896AE7B72100F6E785E7BF6", "href": "https://www.ibm.com/support/pages/node/554895", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:11", "description": "## Summary\n\nThere are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5352_](<https://vulners.com/cve/CVE-2015-5352>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Identity Manager Virtual Appliance versions 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.1.0, 7.0.1.1, 7.0.1.3\n\n## Remediation/Fixes\n\nEnsure that the version listed below is installed on the system. \n\nProduct Version| Fix level \n---|--- \nIBM Security Identity Manager (ISIM) Virtual Appliance releases 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.1.0, 7.0.1.1, 7.0.1.3 \n \nUpgrading from firmware version 7.0.0.0 to 7.0.1.3 requires intermediate upgrade to 7.0.0.2 or 7.0.1.0. Upgrading from 7.0.0.2 or later requires no intermediate upgrade.| Apply \nIBM Security Identity Manager (ISIM) [7.0.1-ISS-SIM-FP0004](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0004&source=SAR&function=fixId&parent=IBM%20Security>) \n \n \n## ", "cvss3": {}, "published": "2018-06-16T21:47:36", "type": "ibm", "title": "Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-06-16T21:47:36", "id": "6A7C55E1DDEAA4CEA3662F3BC88E017205C0D5FDEC4D5937CBB10031914E4301", "href": "https://www.ibm.com/support/pages/node/555333", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:53:04", "description": "## Summary\n\nPowerKVM is affected by several vulnerabilities in the Network Time Protocol. These vulnerabilities are now fixed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5300_](<https://vulners.com/cve/CVE-2015-5300>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to bypass security restrictions, caused by the failure to correctly implement the threshold limitation for the '-g' option. An attacker could exploit this vulnerability using man-in-the-middle techniques to intercept NTP traffic and make multiple steps larger than the panic threshold. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107594_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107594>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-7704_](<https://vulners.com/cve/CVE-2015-7704>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By sending spoofed Kiss-o'-Death packets, an attacker could exploit this vulnerability to disable NTP at a victim client. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107446_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107446>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n**CVEID:** [_CVE-2015-7979_](<https://vulners.com/cve/CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n**CVEID:** [_CVE-2016-1547_](<https://vulners.com/cve/CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<https://vulners.com/cve/CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<https://vulners.com/cve/CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<https://vulners.com/cve/CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. \nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n \nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>) for 3.1.0.2 (3.1.0 SP2) or later. \n \nFor version 2.1, see PowerKVM 2.1.1.3-65. Update 10 at [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>) or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:32:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5300", "CVE-2015-7704", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2018-06-18T01:32:32", "id": "6E3DD8D635F925ADFEC4EE4DA2F5B022F2EA3005D11E90E959C070E6C237363C", "href": "https://www.ibm.com/support/pages/node/629101", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-12T21:34:18", "description": "## Summary\n\nThere are vulnerabilities in OpenSSH to which the IBM\u00ae FlashSystem\u2122 V840 is susceptible. An exploit of these vulnerabilities (CVE-2015-6563 and CVE-2015-6564) could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an impersonation attack.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Products and Versions of FlashSystem V840\u2019s two node types \n** \n_Storage Node_ \n\u00b7 Machine Type Models (MTMs) affected include 9846-AE1 and 9848-AE1 \n\u00b7 Code versions affected include supported VRMFs: \no 1.3.0.0 \u2013 1.3.0.6 \n\u00b7 Code streams NOT affected: \no 1.4 stream \n \n_Controller Node _ \n\u00b7 MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1 \n\u00b7 Code streams NOT affected: \n\u00b7 7.6, 7.7, and 7.8 code streams were NOT affected\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Storage Node VRMF __ \n_1.3 stream: 1.3.0.7_| _ __N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:32:32", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-06-18T00:32:32", "id": "743DC93C2E4EF47CECE36F8B7C060480B640A7FAA0F558539F5D22DEB5ACF3B7", "href": "https://www.ibm.com/support/pages/node/697005", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T18:21:21", "description": "## Summary\n\nThere are vulnerabilities in OpenSSH to which the IBM\u00ae FlashSystem\u2122 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities (CVE-2015-6563 and CVE-2015-6564) could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an impersonation attack.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n\u00b7 FlashSystem 840 affected Machine Type Models (MTMs) include: \no 9840-AE1 and 9843-AE1 \n \n\u00b7 FlashSystem 900 affected MTMs include: \no 9840-AE2 and 9843-AE2 \n \n\u00b7 Code versions affected, for both FlashSystem 840 & 900, include supported VRMFs: \no 1.3.0.0 \u2013 1.3.0.6 \n \n\u00b7 Code streams NOT affected: \no 1.4 stream was NOT affected\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 & \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Fixed code VRMF __ \n_1.3 stream: 1.3.0.7_| _ __N/A_| [**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6563", "CVE-2015-6564"], "modified": "2023-02-18T01:45:50", "id": "4BD37C099764C81731DA3AA4637BAEEF6FB4F4E3785F77F55CBF8371598C955D", "href": "https://www.ibm.com/support/pages/node/697003", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T18:16:57", "description": "## Summary\n\nOpenSSH vulnerabilities were disclosed in May 2016 by the OpenSSH Project. OpenSSH is used by SAN Volume Controller and Storwize Family in its CLI. SAN Volume Controller and Storwize Family products have addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running supported releases 1.1 to 7.5.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code levels or higher: \n \n7.6.1.5 \n7.7.0.4 \n7.7.1.2 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6563", "CVE-2015-6564"], "modified": "2023-03-29T01:48:02", "id": "1F1B1EC1594C7E19C2A176EDD701AA6199C4EBCB21A0B6EDACB2025E74C5B340", "href": "https://www.ibm.com/support/pages/node/696165", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:52:35", "description": "## Summary\n\nMultiple vulnerabilities have been identified in openSSH that is embedded in the IBM FSM. This fix addresses these vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5352_](<https://vulners.com/cve/CVE-2015-5352>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2015-6563_](<https://vulners.com/cve/CVE-2015-6563>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-6564_](<https://vulners.com/cve/CVE-2015-6564>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-3115_](<https://vulners.com/cve/CVE-2016-3115>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. By sending specially crafted X11 credential data, an attacker could exploit this vulnerability to inject xauth commands and execute arbitrary commands on the system with the privileges of the victim. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111431_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111431>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-1908_](<https://vulners.com/cve/CVE-2016-1908>)** \nDESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of errors when generating authentication cookies for untrusted X11 forwarding. An attacker could exploit this vulnerability to gain access to the target local X server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110030_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110030>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.x \nFlex System Manager 1.3.3.x \nFlex System Manager 1.3.2.x\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n\n\nProduct | \n\nVRMF | \n\nAPAR | \n\nRemediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.x | \n\nIT16775\n\n| Install [fsmfix1.3.4.0_IT16775](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT16775&function=fixId&parent=Flex%20System%20Manager%20Node>). \nFlex System Manager| \n\n1.3.3.x | \n\nIT16775\n\n| Install [fsmfix1.3.3.0_IT16775](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT16775&function=fixId&parent=Flex%20System%20Manager%20Node>). \nFlex System Manager| \n\n1.3.2.x | \n\nIT16775\n\n| Install [fsmfix1.3.2.0_IT16775](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT16775&function=fixId&parent=Flex%20System%20Manager%20Node>). \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>) \n \nFor 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:34:34", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-1908", "CVE-2016-3115"], "modified": "2018-06-18T01:34:34", "id": "1FEFA99A628B371AF9C2F1F278C6B1DF16518F0C3DBEEA0F5D263491A875731F", "href": "https://www.ibm.com/support/pages/node/630273", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:51:20", "description": "## Summary\n\nIBM Virtual Fabric 10Gb Switch Module has addressed the following vulnerabilities in libxml2.\n\n## Vulnerability Details\n\n## Summary\n\nIBM Virtual Fabric 10Gb Switch Module has addressed the following vulnerabilities in libxml2.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)\n\n**Description:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)\n\n**Description:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nProduct | Affected Version \n---|--- \nIBM Virtual Fabric 10Gb Switch Module \n(ibm_fw_bcsw_24-10g-7.8.10.0_anyos_noarch) | 7.8.10.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: \n<http://www.ibm.com/support/fixcentral/>.\n\nProduct | Fix Version \n---|--- \nIBM Virtual Fabric 10Gb Switch Module \nibm_fw_bcsw_24-10g-7.8.11.0_anyos_noarch | 7.8.11.0 \n \nYou should verify applying this fix does not cause any compatibility issues.\n\n## Workaround(s) & Mitigation(s):\n\nNone\n\n## References:\n\n * [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide.html>)\n * [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n13 September 2016: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:25:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module (CVE-2016-3627 CVE-2016-3705)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705"], "modified": "2019-01-31T02:25:02", "id": "E8E6A8757BD36A1AE21C604257C2836AA8D78A86EFD03A5C1EF42E9F5AFE974B", "href": "https://www.ibm.com/support/pages/node/868564", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:15:08", "description": "## Summary\n\nNTP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-7691_](<https://vulners.com/cve/CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-7692_](<https://vulners.com/cve/CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<https://vulners.com/cve/CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7702_](<https://vulners.com/cve/CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<https://vulners.com/cve/CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7704_](<https://vulners.com/cve/CVE-2015-7704>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By sending spoofed Kiss-o'-Death packets, an attacker could exploit this vulnerability to disable NTP at a victim client. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107446_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107446>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-7705_](<https://vulners.com/cve/CVE-2015-7705>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By \"priming the pump\" and sending a valid Kiss-o'-Death packet, an attacker could exploit this vulnerability to disable NTP at a victim client and prevent the client from updating its local clock. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107447_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107447>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-7848_](<https://vulners.com/cve/CVE-2015-7848>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an multiple integer overflows when processing malicious packets. By sending a specially crafted private mode packet, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107443_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107443>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7849_](<https://vulners.com/cve/CVE-2015-7849>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by a use-after-free in the password management functionality. By sending a specially crafted key file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107442_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107442>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7850_](<https://vulners.com/cve/CVE-2015-7850>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107441_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107441>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7851_](<https://vulners.com/cve/CVE-2015-7851>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the save_config function containing directory traversal sequences to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107440_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107440>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7852_](<https://vulners.com/cve/CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7853_](<https://vulners.com/cve/CVE-2015-7853>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107438_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107438>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7854_](<https://vulners.com/cve/CVE-2015-7854>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the password management functionality. By using a specially crafted key file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107437_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107437>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7855_](<https://vulners.com/cve/CVE-2015-7855>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107448_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107448>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7871_](<https://vulners.com/cve/CVE-2015-7871>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to bypass restrictions, caused by a logic error when handling specific crypto-NAK packets. By sending an NTP symmetric active crypto-NAK packet, an attacker could exploit this vulnerability to bypass the symmetric association authentication process and make arbitrary changes to system time. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107436_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107436>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n \n\n\nVersion\n\n| \n\nCVE List \n \n---|--- \n \nPower HMC V7.7.9.0\n\n| CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 \n \nPower HMC V8.8.6.0\n\n| CVE-2015-7703 CVE-2015-8158 CVE-2015-5196 CVE-2015-7979 CVE-2015-5219 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 CVE-2015-7701 CVE-2015-7852 CVE-2015-7974 \n \n\n\n## Remediation/Fixes\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.9.0 SP3\n\n| \n\nMB03737\n\n| \n\n[Apply eFix MH01605](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.6.0\n\n| \n\nMB04060\n\n| \n\n[Apply eFix MH01674](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMC&release=V8R8.6.0&platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7705", "CVE-2015-7848", "CVE-2015-7849", "CVE-2015-7850", "CVE-2015-7851", "CVE-2015-7852", "CVE-2015-7853", "CVE-2015-7854", "CVE-2015-7855", "CVE-2015-7871", "CVE-2015-7974", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2021-09-23T01:31:39", "id": "CF531CAC76DDBE4456F0820A7939858EA06E071B4052A5CE0992D88CE2442928", "href": "https://www.ibm.com/support/pages/node/666785", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:56:28", "description": "## Summary\n\nIBM DataPower Gateways has addressed vulnerabilities in processing certain XML files that could cause a denial of service or obtain sensitive information. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-4448_](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** `libxml2` could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted HTML file that contains malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-4449_](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** `libxml2` could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3627_](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the `xmlStringGetNodeList()` function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** `libxml2` is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds `read of xmlParserEntityCheck()` and `xmlParseAttValueComplex()` functions in `parser.c`. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** `libxml2` is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM DataPower Gateways versions 7.2.0.0 to 7.2.0.8, 7.5.0.0 to 7.5.0.2, and 7.5.1.0 to 7.5.1.1.\n\n## Remediation/Fixes\n\nFix is available in versions 7.2.0.9, 7.5.0.3, and 7.5.1.2. Refer to [APAR IT16307](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT16307>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n\n_For DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:06:13", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-15T07:06:13", "id": "2406147E7F1A480D16DAF974D9B99C2725C43B01A994C65A6210C059B36B3A7F", "href": "https://www.ibm.com/support/pages/node/551163", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:51:54", "description": "## Summary\n\nThe switch firmware deliverables listed below have addressed the applicable NTP CVEs.\n\n## Vulnerability Details\n\n## Summary\n\nThe switch firmware deliverables listed below have addressed the applicable NTP CVEs.\n\n**Vulnerability Details**\n\n**CVE-ID:** [CVE-2015-7855](<https://vulners.com/cve/CVE-2015-7855>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107448> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2015-7871](<https://vulners.com/cve/CVE-2015-7871>)\n\n**Description:** Network Time Protocol (NTP) could allow a remote attacker to bypass restrictions, caused by a logic error when handling specific crypto-NAK packets. By sending an NTP symmetric active crypto-NAK packet, an attacker could exploit this vulnerability to bypass the symmetric association authentication process and make arbitrary changes to system time.\n\nCVSS Base Score: 7.2 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107436> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVE-ID:** [CVE-2015-7692](<https://vulners.com/cve/CVE-2015-7692>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107450> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2015-7691](<https://vulners.com/cve/CVE-2015-7691>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107449> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2015-7701](<https://vulners.com/cve/CVE-2015-7701>)\n\n**Description:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107444> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVE-ID:** [CVE-2015-7851](<https://vulners.com/cve/CVE-2015-7851>)\n\n**Description:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the save_config function containing directory traversal sequences to view arbitrary files on the system.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107440> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVE-ID:** [CVE-2015-7852](<https://vulners.com/cve/CVE-2015-7852>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107439> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVE-ID:** [CVE-2015-7853](<https://vulners.com/cve/CVE-2015-7853>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107438> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVE-ID:** [CVE-2015-7854](<https://vulners.com/cve/CVE-2015-7854>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the password management functionality. By using a specially crafted key file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107437> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVE-ID:** [CVE-2015-7702](<https://vulners.com/cve/CVE-2015-7702>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107451> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2015-7703](<https://vulners.com/cve/CVE-2015-7703>)\n\n**Description:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107445> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVE-ID:** [CVE-2015-7704](<https://vulners.com/cve/CVE-2015-7704>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By sending spoofed Kiss-o'-Death packets, an attacker could exploit this vulnerability to disable NTP at a victim client.\n\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107446> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2015-7705](<https://vulners.com/cve/CVE-2015-7705>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By \"priming the pump\" and sending a valid Kiss-o'-Death packet, an attacker could exploit this vulnerability to disable NTP at a victim client and prevent the client from updating its local clock.\n\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107447> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2015-7848](<https://vulners.com/cve/CVE-2015-7848>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an multiple integer overflows when processing malicious packets. By sending a specially crafted private mode packet, an attacker could exploit this vulnerability to cause the application to crash.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107443> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2015-7849](<https://vulners.com/cve/CVE-2015-7849>)\n\n**Description:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by a use-after-free in the password management functionality. By sending a specially crafted key file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107442> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected products and versions\n\nProduct | Affected Version \n---|--- \nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware | 9.1 \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter | 7.10 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter | 9.0 \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\nProduct | Fixed Version | Remediation \n---|---|--- \nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware | 9.1.7.03.00 | qlgc_fw_flex_9.1.7.03.00_anyos_noarch \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter | 7.10.1.37.00 | qlgc_fw_bcsw_7.10.1.37.00_anyos_noarch \nQLogic Virtual Fabric Extension Module for IBM BladeCenter | 9.0.3.14.00 | qlgc_fw_bcsw_9.0.3.14.00_anyos_noarch \n \n## Workarounds and Mitigations\n\nNone.\n\n## References\n\n * [Complete CVSS V3 Guide](<http://www.first.org/cvss/user-guide>)\n * [On-line Calculator V3](<http://www.first.org/cvss/calculator/3.0>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>)\n\n**Change History** \n17 March 2016: Original Version Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-31T02:25:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7705", "CVE-2015-7848", "CVE-2015-7849", "CVE-2015-7851", "CVE-2015-7852", "CVE-2015-7853", "CVE-2015-7854", "CVE-2015-7855", "CVE-2015-7871"], "modified": "2019-01-31T02:25:02", "id": "9CD109FAA241B9CBEE12E0D3E6222573826B41666F349FCA120A55BB7B8EEF5A", "href": "https://www.ibm.com/support/pages/node/868468", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:54:48", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. \nInformation about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nCVEID: [CVE-2016-1181](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181>) \nDESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \nCVEID: [CVE-2016-1182](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182>) \nDESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM License Metric Tool 7.5 \nIBM Tivoli Asset Discovery for Distributed 7.5 \n \nIBM License Metric Tool 7.2.2 \nIBM Tivoli Asset Discovery for Distributed 7.2.2| WebSphere Application Server 7 \n \n \nWebSphere Application Server 6.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM License Metric Tool 7.5 \nIBM Tivoli Asset Discovery for Distributed 7.5 \n| WebSphere Application Server 7.0 \n| [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM License Metric Tool 7.2.2 \nIBM Tivoli Asset Discovery for Distributed 7.2.2| WebSphere Application Server 6.1| Please contact support for any potential fixes. \n \n## Workarounds and Mitigations\n\n**N/A**\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.2;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"7.2.2;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-26T21:17:25", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2021-04-26T21:17:25", "id": "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "href": "https://www.ibm.com/support/pages/node/550369", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:02", "description": "## Summary\n\nStruts v2 vulnerabilities affect IBM Security Guardium. IBM Security Guardium has addressed the following vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Guardium | 10.0 - 10.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium | 10.0 - 10.5 | \n\nhttp://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p600_GPU_Nov-2018-V10.6&includeSupersedes=0&source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-12-13T20:35:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-12-13T20:35:01", "id": "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "href": "https://www.ibm.com/support/pages/node/741659", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:08", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest, ClearQuest CM Server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x:**\n\nThis vulnerability affects only the server component.\n\n**Versions 7.1.x.x:**\n\nNot affected.\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is shipped with IBM Rational ClearQuest. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x| IBM WebSphere Application Server versions 8.5.5 Full Profile, 8.5 Full Profile, 8.0, 7.0| [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www.ibm.com/support/docview.wss?uid=swg21985995>) \n \n**ClearQuest Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x \n8.0.1.x \n9.0.0.x| Apply the appropriate WebSphere Application Server fix directly to your CQ server host. No ClearQuest-specific steps are necessary. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-02-04T16:40:40", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2020-02-04T16:40:40", "id": "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "href": "https://www.ibm.com/support/pages/node/284305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:44", "description": "## Summary\n\nIBM Financial Transaction Manager for Corporate Payment Services open source Apache Struts Vulnerabilities (CVE-2016-1181 CVE-2016-1182)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n\\- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nFTM for Corporate Payment Services| 2.1.1.0, \n2.1.1.1, \n2.1.1.2, \n2.1.1.3| PI66509| Apply [2.1.1-FTM-CPS-MP-fp0004](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=2.1.1-FTM-CPS-MP-fp0004&includeSupersedes=0&source=fc>) or later \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T20:03:06", "type": "ibm", "title": "Security Bulletin: IBM Financial Transaction Manager for Corporate Payment Services open source Apache Struts Vulnerabilities (CVE-2016-1181 CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T20:03:06", "id": "C9D56908C5941D51F8B700D0AEB133B65A72D4A5D3A7FAA2D989A477B71C954D", "href": "https://www.ibm.com/support/pages/node/548021", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:13", "description": "## Summary\n\nStruts v2 vulnerabilities affect IBM Security Identity Manager. IBM Security Identity Manager has addressed the applicable CVEs. \n \nThese issues were also addressed by IBM WebSphere Application Server, which is shipped with IBM Security Identity Manager. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n \nIBM Security Identity Manager version 6.0 \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Security Identity Manager version 6.0| Apply fixes from Identity Manager and WebSphere Application Server \n \nIBM Security Identity Manager (ISIM) [6.0.0-ISS-SIM-FP0015](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=6.0.0-ISS-SIM-FP0015&source=SAR&function=fixId&parent=IBM%20Security>) \n \n \nIBM Websphere Application Server 7.0, 8.0, 8.5 and 8.5.5 - [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:47:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:47:37", "id": "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "href": "https://www.ibm.com/support/pages/node/555339", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:46:35", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5 \nNote that IBM Tivoli System Automation Application Manager 3.2.2, 3.2.1, and 3.2.0 are not affected. \n\n## Remediation/Fixes\n\nYou need to install the corresponding APAR from WebSphere Application Server. Please follow the instructions on this link: [_http://www-01.ibm.com/support/docview.wss?uid=swg21985995_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>). Please see section \u201cAffected Products and Versions\u201d in this bulletin on details which fix of WebSphere Application Server applies to your version of IBM Tivoli System Automation Application Manager.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-17T15:25:57", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T15:25:57", "id": "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "href": "https://www.ibm.com/support/pages/node/284137", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:51:23", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Partner Gateway. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) \n\n| Product and Version shipped as a component \n---|--- \nWebSphere Partner Gateway Advanced/Enterprise Edition 6.2.1.4| WebSphere Application Server 7.0 \nWebSphere Application Server 8.5.5 \n \n## ", "cvss3": {}, "published": "2018-06-16T20:02:09", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Partner Gateway Advanced/Enterprise Edition (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T20:02:09", "id": "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "href": "https://www.ibm.com/support/pages/node/284941", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:50:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Tivoli Federated Identity Manager 6.2.1 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2.1| IBM WebSphere Application Server 7.0 \nIBM Tivoli Federated Identity Manager 6.2.2 \nIBM Tivoli Federated Identity Manager Business Gateway 6.2.2| IBM WebSphere Application Server 7.0, 8.0, 8.5 \n \n## Remediation/Fixes\n\nIBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway are affected through IBM WebSphere Application Server. If you use one of the affected versions of WebSphere, update your IBM WebSphere Application Server with the appropriate Interim Fix based on information in the WebSphere security bulletin, ([Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:49:00", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:49:00", "id": "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "href": "https://www.ibm.com/support/pages/node/287829", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:03", "description": "## Summary\n\n \nIBM WebSphere Application Server is shipped as a component of IBM Content Manager Records Enabler. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n\n## Vulnerability Details\n\n \nPlease consult the security bulletin [_Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nIBM Content Manager Records Enabler 8.5, 8.5.0.1, 8.5.0.2, 8.5.0.3, 8.5.0.4, 8.5.0.5 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41 \n \nIBM Content Manager Records Enabler 8.5.0.6 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 \n \nIBM Content Manager Records Enabler 8.5.0.7 | \n\nIBM WebSphere Application Server V7.0.0.0 through 7.0.0.41, V8.0.0.0 through 8.0.0.12, V8.5.0.0 through 8.5.5.9 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:17", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Records Enabler (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:17", "id": "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E", "href": "https://www.ibm.com/support/pages/node/284113", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:50", "description": "## Summary\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Content Collector for File Systems v3.0 \nIBM Content Collector for File Systems v4.0 \nIBM Content Collector for File Systems v4.0.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for File Systems| 3.0| Use IBM Content Collector for File Systems 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nIBM Content Collector for File Systems| 4.0| Use IBM Content Collector for File Systems 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \nIBM Content Collector for File Systems| 4.0.1| Use IBM Content Collector for File Systems 4.0.1.5 [Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.5-IBM-ICC-IF001&source=SAR&function=fixId&parent=Enterprise%20Content%20Management>) \n \nFollow the steps in the readme file in the 4.0.1.5 interim fix 001 to install the interim fix applicable to your version. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:17:47", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Struts vulnerabilities in IBM Content Collector for File Systems", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:17:47", "id": "286378C830B748E29DFAEAB7AC19693EE4565D1CAB6189EAA20A975B835DFAD6", "href": "https://www.ibm.com/support/pages/node/292427", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:01", "description": "## Summary\n\nSecurity vulnerabilitiy exists in IBM FileNet Content Manager and IBM Content Foundation in Apache Struts.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n\n## Affected Products and Versions\n\nFileNet Content Manager 5.2.0 \nIBM Content Foundation 5.2.0 \n \nNote: this vulnerability is **_not_** applicable to FileNet Content Manager 5.2.1 or IBM Content Foundation 5.2.1\n\n## Remediation/Fixes\n\nInstall one of the fixes listed below to resolve the Apache Struts security vulnerability. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager| 5.2.0| [PJ44282](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44282>)| [5.2.0.5-P8CPE-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet+Product+Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.0.5&platform=All&function=all>) \\- Available 9/20/2016 \nIBM Content Foundation| 5.2.0| [PJ44282](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44282>)| [5.2.0.5-P8CPE-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet+Product+Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.0.5&platform=All&function=all>) \\- Available 9/20/2016 \n \nIn the above table, the APAR links will provide more information about the fix. \nThe links in the Remediation column will take you to the location within IBM Fix Central where you can download the particular fix you need. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:24", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:24", "id": "691466DAEE06683E49687F1AD61B1DE274EE44CA9F6E86B9BF8D7D76D6346999", "href": "https://www.ibm.com/support/pages/node/285013", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:15", "description": "## Summary\n\nVulnerabilities have been identified in the libxml2 library, which is a development toolbox providing the implementation of various XML standards. \n \nIBM Security Access Manager for Mobile uses libxml2 and is affected by these vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2016-4449](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113524> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0, all firmware versions \n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0.0.0 - \n8.0.1.4| IV89294 | 1\\. For releases prior to 8.0.1.4, upgrade to 8.0.1.4: \n[8.0.1-ISS-ISAM-FP0004](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. Apply 8.0.1.4 Interim Fix 3: \n[8.0.1.4-ISS-ISAM-IF0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0 - \n9.0.1.0| IV89330| 1\\. For 9.0 environments, upgrade to 9.0.1.0: \n[IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n2\\. Apply 9.0.1.0 Interim Fix 5: \n[_9.0.1.0-ISS-ISAM-IF0005_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:46:39", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Mobile is affected by security vulnerabilities in libxml2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:46:39", "id": "D5DA548187DF2EFE03F7040FF05BC360041CF8C1CFAF6CD126E5A8B7D72A93AC", "href": "https://www.ibm.com/support/pages/node/552317", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:13", "description": "## Summary\n\nVulnerabilities have been identified in the libxml2 library, which is a development toolbox providing the implementation of various XML standards. \n \nIBM Security Access Manager for Web uses libxml2 and is affected by these vulnerabilities. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2016-4449](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113524> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 appliances \n\nIBM Security Access Manager for Web 8.0, all firmware versions\n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 (appliance)| IV80986| Apply Interim Fix 26: \n[7.0.0-ISS-WGA-IF0026](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0.0.0 - \n8.0.1.4| IV89324| 1\\. For versions prior to 8.0.1.4, upgrade to 8.0.1.4:[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n[_8.0.1-ISS-WGA-FP0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n2\\. Apply 8.0.1.4 Interim Fix 2: \n[_8.0.1.4-ISS-WGA-IF0003_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0 - \n9.0.1.0| IV89330| 1\\. For versions prior to 9.0.1.0, upgrade to 9.0.1.0: \n[IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n2\\. Apply 9.0.1.0 Interim Fix 5: \n[_9.0.1.0-ISS-ISAM-IF0005_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:46:39", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Web is affected by security vulnerabilities in libxml2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:46:39", "id": "E5020E25CC0D31B3DD625C72F6EB591C437E68772CFDB40BEECC3F7C69328CB0", "href": "https://www.ibm.com/support/pages/node/552319", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T20:31:58", "description": "## Summary\n\nStruts v2 vulnerabilities affet IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n\n## Affected Products and Versions\n\n \nIBM Spectrum Control 5.2.8 through 5.2.10.1 \nTivoli Storage Productivity Center 5.2.0 through 5.2.7.1 \nTivoli Storage Productivity Center 5.1.0 through 5.1.1.10 \n \nThe versions listed above apply to all licensed offerings of IBM Spectrum Control and Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.\n\n## Remediation/Fixes\n\n**Note:** It is always recommended to have a current backup before applying any update procedure. \n \nApply the IBM Spectrum Control or Tivoli Storage Productivity Center fix maintenance as soon as practicable. (See [_Latest Downloads_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>).) \n\n\n**Affected Version**| **APAR**| **Fixed Version**| **Availability** \n---|---|---|--- \n5.2.x| IT16542 | 5.2.11| August 2016 \n5.1.1.x| IT16542| 5.1.1.12| October 2016 \n \n \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-02-22T19:50:07", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-02-22T19:50:07", "id": "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "href": "https://www.ibm.com/support/pages/node/549139", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T22:59:33", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nMaximo Asset Management 7.6 \nSmartCloud Control Desk 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nMaximo Asset Management 7.5 \nMaximo Asset Management Essentials 7.5 \nMaximo for Government 7.5 \nMaximo for Nuclear Power 7.5 \nMaximo for Transportation 7.5 \nMaximo for Life Sciences 7.5 \nMaximo for Oil and Gas 7.5 \nMaximo for Utilities 7.5 \nMaximo Adapter for Primavera 7.5 \nSmartCloud Control Desk 7.5 \nTRIRIGA Energy Optimization 1.1| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nIBM WebSphere Application Server 8.0 \nIBM WebSphere Application Server 7.0 \nMaximo Asset Management 7.1 \nMaximo Asset Management Essentials 7.1 \nMaximo Asset Management for Energy Optimization 7.1 \nMaximo for Government 7.1 \nMaximo for Nuclear Power 7.1 \nMaximo for Transportation 7.1 \nMaximo for Life Sciences 7.1 \nMaximo for Oil and Gas 7.1 \nMaximo for Utilities 7.1 \nMaximo Adapter for Primavera 7.1| IBM WebSphere Application Server 7.0 \nTivoli Asset Management for IT 7.2 \nTivoli Service Request Manager 7.2 \nChange and Configuration Management Database 7.2| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 7.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-22T03:02:31", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-09-22T03:02:31", "id": "23F8C1E67922626C0589CA86ED9B40D441D494E8B56CD8FF4A2EF76F18E6861F", "href": "https://www.ibm.com/support/pages/node/284963", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T23:04:37", "description": "## Summary\n\nIBM WebSphere Application Server v7.0 is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Application Server have been identified and published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the security bulletin: [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<www.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM Intelligent Operations Center V1.5, V1.6| IBM Intelligent Operations Center for Emergency Management V1.6 \nIBM Intelligent Operations for Water V1.0, V1.5, V1.6 \nIBM Intelligent Operations for Transportation V1.0, V1.5, V1.6 \nIBM Intelligent City Planning and Operations V1.5, V1.6 \nIBM Intelligent Operations Center V5.1| IBM Intelligent Operations Center for Emergency Management V5.1 \n \n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<www.ibm.com/support/docview.wss?uid=swg21985995>). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Intelligent Operations Center and related products (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2022-08-19T21:04:31", "id": "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "href": "https://www.ibm.com/support/pages/node/284011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:52:18", "description": "## Summary\n\nStruts vulnerabilities affect ISD Server. ISD Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nFrom the IBM System Director command line enter smcli lsver to determine the level of IBM System Director installed. \n \nIBM Systems Director: \n\n\n * 6.1.0.0\n * 6.1.0.1\n * 6.1.0.2\n * 6.1.0.3\n * 6.1.1.1\n * 6.1.1.2\n * 6.1.1.3\n * 6.1.2.0\n * 6.1.2.1\n * 6.1.2.2\n * 6.1.2.3\n * 6.2.0.0\n * 6.2.0.1\n * 6.2.0.2\n * 6.2.1.0\n * 6.2.1.0\n * 6.2.1.1\n * 6.2.1.2\n * 6.3.0.0 \n * 6.3.1.0 \n * 6.3.1.1 \n * 6.3.2.0 \n * 6.3.2.1 \n * 6.3.2.2 \n * 6.3.3.0 \n * 6.3.3.1 \n * 6.3.5.0 \n * 6.3.6.0\n * 6.3.7.0\n\n## Remediation/Fixes\n\nIBM Systems Director version pre 6.3.5 are unsupported and will not be fixed. IBM recommends upgrading to a fixed, supported version of the product. \n\nFollow the instructions mentioned in Technote [811735241](<http://www-01.ibm.com/support/docview.wss?uid=nas74ca280436f7c28b1862580f1005aa33d>)[](<http://www-01.ibm.com/support/docview.wss?uid=nas72cf7b7fb4cdb924b862580a40000b3be>) to apply the fix for releases:\n\n * 6.3.5.0\n * 6.3.6.0\n * 6.3.7.0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-18T01:35:34", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-18T01:35:34", "id": "1D6C51DC7D1DD9D1A9F07B9737CE12B7F8F933D3089EBCB68A0BBCF75680D250", "href": "https://www.ibm.com/support/pages/node/630929", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:01", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Vulnerabilities in Apache Struts affects IBM WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nWebSphere Enterprise Service Bus v7.0 and v 7.5 \nWebSphere Enterprise Service Bus Registry Edition v7.0 and v 7.5\n\n## ", "cvss3": {}, "published": "2018-06-15T07:05:57", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere \nApplication Server shipped with WebSphere Enterprise Service Bus (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-15T07:05:57", "id": "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "href": "https://www.ibm.com/support/pages/node/284105", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:51:14", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Security Policy Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nProduct Version\n\n| WebSphere version \n---|--- \nTivoli Security Policy Manager 7.1| WebSphere Application Server 7.0 \nWebSphere Application Server 8.0 \nTivoli Security Policy Manager 7.0| WebSphere Application Server 7.0 \n \n## Remediation/Fixes\n\nIBM Tivoli Security Policy Manager (TSPM) is affected through IBM WebSphere Application Server. If you are running TSPM with one of the affected versions of WebSphere, update your IBM WebSphere Application Server with the appropriate Interim Fix based on information in the WebSphere security bulletin ([Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>)).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:46:38", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:46:38", "id": "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "href": "https://www.ibm.com/support/pages/node/552249", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:47:40", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nAffected IBM WebSphere Application Server versions are listed in the security bulletin.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-17T12:16:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2016-1181, CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-17T12:16:26", "id": "A38279E551792BA29F1FA34034CD64E94266819C4862EDC7B206E7A748D269FD", "href": "https://www.ibm.com/support/pages/node/547525", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:28", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)](<http://www-01.ibm.com/support/docview.wss?uid=swg21985995>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nIBM Security Key Lifecycle Manager (SKLM) v2.5 on distributed platforms | WebSphere Application Server v8.5.5 \n \nIBM Security Key Lifecycle Manager (SKLM) v2.6 on distributed platforms | WebSphere Application Server v8.5.5.7 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-06-16T21:44:41", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2016-1181 and CVE-2016-1182)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1181", "CVE-2016-1182"], "modified": "2018-06-16T21:44:41", "id": "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "href": "https://www.ibm.com/support/pages/node/547477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-12-04T14:21:13", "description": "From Red Hat Security Advisory 2016:0780 :\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)\n\n* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\n* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {}, "published": "2016-05-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : ntp (ELSA-2016-0780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ntp", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntpdate", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-0780.NASL", "href": "https://www.tenable.com/plugins/nessus/91151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0780 and \n# Oracle Linux Security Advisory ELSA-2016-0780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91151);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7977\", \"CVE-2015-7978\");\n script_xref(name:\"RHSA\", value:\"2016:0780\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Oracle Linux 6 : ntp (ELSA-2016-0780)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:0780 :\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in NTP's ntp_crypto.c,\nwhere a packet with particular autokey operations that contained\nmalicious data was not always being completely validated. A remote\nattacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. A specially crafted NTP packet\ncould potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could potentially use this flaw\nto crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd\nprocessed 'ntpdc reslist' commands that queried restriction lists with\na large amount of entries. A remote attacker could use this flaw to\ncrash ntpd. (CVE-2015-7978)\n\n* It was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\n* It was discovered that the sntp utility could become unresponsive\ndue to being caught in an infinite loop when processing a crafted NTP\npacket. (CVE-2015-5219)\n\n* It was found that NTP's :config command could be used to set the\npidfile and driftfile paths without any restrictions. A remote\nattacker could use this flaw to overwrite a file on the file system\nwith a file containing the pid of the ntpd process (immediately) or\nthe current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvar (Red Hat).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006059.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ntp-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-doc-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-perl-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntpdate-4.2.6p5-10.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:00:15", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547)\n\n - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548)\n\n - check mode of new source in config command (CVE-2016-2518)\n\n - make MAC check resilient against timing attack (CVE-2016-1550)\n\n - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)\n\n - fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)\n\n - fix crash with invalid logconfig command (CVE-2015-5194)\n\n - fix crash when referencing disabled statistic type (CVE-2015-5195)\n\n - don't hang in sntp with crafted reply (CVE-2015-5219)\n\n - don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n - fix memory leak with autokey (CVE-2015-7701)\n\n - don't allow setting driftfile and pidfile remotely (CVE-2015-7703)\n\n - don't crash in ntpq with crafted packet (CVE-2015-7852)\n\n - add option to set Differentiated Services Code Point (DSCP) (#1228314)\n\n - extend rawstats log (#1242895)\n\n - fix resetting of leap status (#1243034)\n\n - report clock state changes related to leap seconds (#1242937)\n\n - allow -4/-6 on restrict lines with mask (#1232146)\n\n - retry joining multicast groups (#1288534)\n\n - explain synchronised state in ntpstat man page (#1286969)\n\n - check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)\n\n - allow only one step larger than panic threshold with -g (CVE-2015-5300)", "cvss3": {}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntp", "p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0082.NASL", "href": "https://www.tenable.com/plugins/nessus/91419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0082.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91419);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-5300\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7704\", \"CVE-2015-7852\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2518\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - don't allow spoofed packets to demobilize associations\n (CVE-2015-7979, CVE-2016-1547)\n\n - don't allow spoofed packet to enable symmetric\n interleaved mode (CVE-2016-1548)\n\n - check mode of new source in config command\n (CVE-2016-2518)\n\n - make MAC check resilient against timing attack\n (CVE-2016-1550)\n\n - don't accept server/peer packets with zero origin\n timestamp (CVE-2015-8138)\n\n - fix crash with reslist command (CVE-2015-7977,\n CVE-2015-7978)\n\n - fix crash with invalid logconfig command (CVE-2015-5194)\n\n - fix crash when referencing disabled statistic type\n (CVE-2015-5195)\n\n - don't hang in sntp with crafted reply (CVE-2015-5219)\n\n - don't crash with crafted autokey packet (CVE-2015-7691,\n CVE-2015-7692, CVE-2015-7702)\n\n - fix memory leak with autokey (CVE-2015-7701)\n\n - don't allow setting driftfile and pidfile remotely\n (CVE-2015-7703)\n\n - don't crash in ntpq with crafted packet (CVE-2015-7852)\n\n - add option to set Differentiated Services Code Point\n (DSCP) (#1228314)\n\n - extend rawstats log (#1242895)\n\n - fix resetting of leap status (#1243034)\n\n - report clock state changes related to leap seconds\n (#1242937)\n\n - allow -4/-6 on restrict lines with mask (#1232146)\n\n - retry joining multicast groups (#1288534)\n\n - explain synchronised state in ntpstat man page\n (#1286969)\n\n - check origin timestamp before accepting KoD RATE packet\n (CVE-2015-7704)\n\n - allow only one step larger than panic threshold with -g\n (CVE-2015-5300)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:58:01", "description": "An update for ntp is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)\n\n* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\n* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {}, "published": "2016-05-17T00:00:00", "type": "nessus", "title": "CentOS 6 : ntp (CESA-2016:0780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "p-cpe:/a:centos:centos:ntp-doc", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:ntpdate", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-0780.NASL", "href": "https://www.tenable.com/plugins/nessus/91169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0780 and \n# CentOS Errata and Security Advisory 2016:0780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91169);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7977\", \"CVE-2015-7978\");\n script_xref(name:\"RHSA\", value:\"2016:0780\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"CentOS 6 : ntp (CESA-2016:0780)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in NTP's ntp_crypto.c,\nwhere a packet with particular autokey operations that contained\nmalicious data was not always being completely validated. A remote\nattacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. A specially crafted NTP packet\ncould potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could potentially use this flaw\nto crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd\nprocessed 'ntpdc reslist' commands that queried restriction lists with\na large amount of entries. A remote attacker could use this flaw to\ncrash ntpd. (CVE-2015-7978)\n\n* It was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\n* It was discovered that the sntp utility could become unresponsive\ndue to being caught in an infinite loop when processing a crafted NTP\npacket. (CVE-2015-5219)\n\n* It was found that NTP's :config command could be used to set the\npidfile and driftfile paths without any restrictions. A remote\nattacker could use this flaw to overwrite a file on the file system\nwith a file containing the pid of the ntpd process (immediately) or\nthe current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvar (Red Hat).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-May/002927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39e3e41a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7701\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-4.2.6p5-10.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-doc-4.2.6p5-10.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-perl-4.2.6p5-10.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntpdate-4.2.6p5-10.el6.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:49:33", "description": "An update for ntp is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)\n\n* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\n* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "RHEL 6 : ntp (RHSA-2016:0780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0780.NASL", "href": "https://www.tenable.com/plugins/nessus/91076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0780. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91076);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7977\", \"CVE-2015-7978\");\n script_xref(name:\"RHSA\", value:\"2016:0780\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"RHEL 6 : ntp (RHSA-2016:0780)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in NTP's ntp_crypto.c,\nwhere a packet with particular autokey operations that contained\nmalicious data was not always being completely validated. A remote\nattacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. A specially crafted NTP packet\ncould potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could potentially use this flaw\nto crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd\nprocessed 'ntpdc reslist' commands that queried restriction lists with\na large amount of entries. A remote attacker could use this flaw to\ncrash ntpd. (CVE-2015-7978)\n\n* It was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\n* It was discovered that the sntp utility could become unresponsive\ndue to being caught in an infinite loop when processing a crafted NTP\npacket. (CVE-2015-5219)\n\n* It was found that NTP's :config command could be used to set the\npidfile and driftfile paths without any restrictions. A remote\nattacker could use this flaw to overwrite a file on the file system\nwith a file containing the pid of the ntpd process (immediately) or\nthe current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvar (Red Hat).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0780\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-debuginfo-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ntp-doc-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-perl-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-perl-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntpdate-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-10.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-10.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:01:09", "description": "Security Fix(es) :\n\n - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n - A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n - An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n - A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n - A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd.\n (CVE-2015-7978)\n\n - It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)\n\n - It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command.\n (CVE-2015-5195)\n\n - It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n - It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvr (Red Hat).", "cvss3": {}, "published": "2016-06-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ntp", "p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ntp-doc", "p-cpe:/a:fermilab:scientific_linux:ntp-perl", "p-cpe:/a:fermilab:scientific_linux:ntpdate", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160510_NTP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91539);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9750\", \"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7977\", \"CVE-2015-7978\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - It was found that the fix for CVE-2014-9750 was\n incomplete: three issues were found in the value length\n checks in NTP's ntp_crypto.c, where a packet with\n particular autokey operations that contained malicious\n data was not always being completely validated. A remote\n attacker could use a specially crafted NTP packet to\n crash ntpd. (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n\n - A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If\n ntpd was configured to use autokey authentication, an\n attacker could send packets to ntpd that would, after\n several days of ongoing attack, cause it to run out of\n memory. (CVE-2015-7701)\n\n - An off-by-one flaw, leading to a buffer overflow, was\n found in cookedprint functionality of ntpq. A specially\n crafted NTP packet could potentially cause ntpq to\n crash. (CVE-2015-7852)\n\n - A NULL pointer dereference flaw was found in the way\n ntpd processed 'ntpdc reslist' commands that queried\n restriction lists with a large amount of entries. A\n remote attacker could potentially use this flaw to crash\n ntpd. (CVE-2015-7977)\n\n - A stack-based buffer overflow flaw was found in the way\n ntpd processed 'ntpdc reslist' commands that queried\n restriction lists with a large amount of entries. A\n remote attacker could use this flaw to crash ntpd.\n (CVE-2015-7978)\n\n - It was found that ntpd could crash due to an\n uninitialized variable when processing malformed\n logconfig configuration commands. (CVE-2015-5194)\n\n - It was found that ntpd would exit with a segmentation\n fault when a statistics type that was not enabled during\n compilation (e.g. timingstats) was referenced by the\n statistics or filegen configuration command.\n (CVE-2015-5195)\n\n - It was discovered that the sntp utility could become\n unresponsive due to being caught in an infinite loop\n when processing a crafted NTP packet. (CVE-2015-5219)\n\n - It was found that NTP's :config command could be used to\n set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to\n overwrite a file on the file system with a file\n containing the pid of the ntpd process (immediately) or\n the current estimated drift of the system clock (in\n hourly intervals). (CVE-2015-7703)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvr (Red Hat).\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=1297\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef45218d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ntp-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-debuginfo-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-doc-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-perl-4.2.6p5-10.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntpdate-4.2.6p5-10.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:24:47", "description": "According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.(CVE-2015-5194)\n\n - It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command.(CVE-2015-5195)\n\n - It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).(CVE-2015-5196)\n\n - It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet.(CVE-2015-5219)\n\n - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.(CVE-2015-7691)\n\n - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.(CVE-2015-7692)\n\n - A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory.(CVE-2015-7701)\n\n - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.(CVE-2015-7702)\n\n - It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).(CVE-2015-7703)\n\n - An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash.(CVE-2015-7852)\n\n - A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A).(CVE-2015-7974)\n\n - A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd.(CVE-2015-7977)\n\n - A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd.(CVE-2015-7978)\n\n - It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.(CVE-2015-7979)\n\n - A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance.(CVE-2015-8158)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ntp", "p-cpe:/a:huawei:euleros:ntpdate", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/99822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99822);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-5194\",\n \"CVE-2015-5195\",\n \"CVE-2015-5196\",\n \"CVE-2015-5219\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7703\",\n \"CVE-2015-7852\",\n \"CVE-2015-7974\",\n \"CVE-2015-7977\",\n \"CVE-2015-7978\",\n \"CVE-2015-7979\",\n \"CVE-2015-8158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ntp packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that ntpd could crash due to an\n uninitialized variable when processing malformed\n logconfig configuration commands.(CVE-2015-5194)\n\n - It was found that ntpd would exit with a segmentation\n fault when a statistics type that was not enabled\n during compilation (e.g. timingstats) was referenced by\n the statistics or filegen configuration\n command.(CVE-2015-5195)\n\n - It was found that NTP's :config command could be used\n to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to\n overwrite a file on the file system with a file\n containing the pid of the ntpd process (immediately) or\n the current estimated drift of the system clock (in\n hourly intervals).(CVE-2015-5196)\n\n - It was discovered that the sntp utility could become\n unresponsive due to being caught in an infinite loop\n when processing a crafted NTP packet.(CVE-2015-5219)\n\n - It was found that the fix for CVE-2014-9750 was\n incomplete: three issues were found in the value length\n checks in NTP's ntp_crypto.c, where a packet with\n particular autokey operations that contained malicious\n data was not always being completely validated. A\n remote attacker could use a specially crafted NTP\n packet to crash ntpd.(CVE-2015-7691)\n\n - It was found that the fix for CVE-2014-9750 was\n incomplete: three issues were found in the value length\n checks in NTP's ntp_crypto.c, where a packet with\n particular autokey operations that contained malicious\n data was not always being completely validated. A\n remote attacker could use a specially crafted NTP\n packet to crash ntpd.(CVE-2015-7692)\n\n - A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If\n ntpd was configured to use autokey authentication, an\n attacker could send packets to ntpd that would, after\n several days of ongoing attack, cause it to run out of\n memory.(CVE-2015-7701)\n\n - It was found that the fix for CVE-2014-9750 was\n incomplete: three issues were found in the value length\n checks in NTP's ntp_crypto.c, where a packet with\n particular autokey operations that contained malicious\n data was not always being completely validated. A\n remote attacker could use a specially crafted NTP\n packet to crash ntpd.(CVE-2015-7702)\n\n - It was found that NTP's :config command could be used\n to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to\n overwrite a file on the file system with a file\n containing the pid of the ntpd process (immediately) or\n the current estimated drift of the system clock (in\n hourly intervals).(CVE-2015-7703)\n\n - An off-by-one flaw, leading to a buffer overflow, was\n found in cookedprint functionality of ntpq. A specially\n crafted NTP packet could potentially cause ntpq to\n crash.(CVE-2015-7852)\n\n - A flaw was found in the way NTP verified trusted keys\n during symmetric key authentication. An authenticated\n client (A) could use this flaw to modify a packet sent\n between a server (B) and a client (C) using a key that\n is different from the one known to the client\n (A).(CVE-2015-7974)\n\n - A NULL pointer dereference flaw was found in the way\n ntpd processed 'ntpdc reslist' commands that queried\n restriction lists with a large amount of entries. A\n remote attacker could potentially use this flaw to\n crash ntpd.(CVE-2015-7977)\n\n - A stack-based buffer overflow flaw was found in the way\n ntpd processed 'ntpdc reslist' commands that queried\n restriction lists with a large amount of entries. A\n remote attacker could use this flaw to crash\n ntpd.(CVE-2015-7978)\n\n - It was found that when NTP was configured in broadcast\n mode, a remote attacker could broadcast packets with\n bad authentication to all clients. The clients, upon\n receiving the malformed packets, would break the\n association with the broadcast server, causing them to\n become out of sync over a longer period of\n time.(CVE-2015-7979)\n\n - A flaw was found in the way the ntpq client processed\n certain incoming packets in a loop in the getresponse()\n function. A remote attacker could potentially use this\n flaw to crash an ntpq client instance.(CVE-2015-8158)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1060\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f858772b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ntp-4.2.6p5-25.0.1.h1\",\n \"ntpdate-4.2.6p5-25.0.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:02:06", "description": "An update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\n* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : ntp (RHSA-2016:2583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "p-cpe:/a:redhat:enterprise_linux:sntp", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2583.NASL", "href": "https://www.tenable.com/plugins/nessus/94546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2583. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94546);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5196\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\");\n script_xref(name:\"RHSA\", value:\"2016:2583\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"RHEL 7 : ntp (RHSA-2016:2583)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in NTP's ntp_crypto.c,\nwhere a packet with particular autokey operations that contained\nmalicious data was not always being completely validated. A remote\nattacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. A specially crafted NTP packet\ncould potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could potentially use this flaw\nto crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd\nprocessed 'ntpdc reslist' commands that queried restriction lists with\na large amount of entries. A remote attacker could use this flaw to\ncrash ntpd. (CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\n* It was found that NTP's :config command could be used to set the\npidfile and driftfile paths without any restrictions. A remote\nattacker could use this flaw to overwrite a file on the file system\nwith a file containing the pid of the ntpd process (immediately) or\nthe current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive\ndue to being caught in an infinite loop when processing a crafted NTP\npacket. (CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during\nsymmetric key authentication. An authenticated client (A) could use\nthis flaw to modify a packet sent between a server (B) and a client\n(C) using a key that is different from the one known to the client\n(A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain\nincoming packets in a loop in the getresponse() function. A remote\nattacker could potentially use this flaw to crash an ntpq client\ninstance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvar (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2583\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-doc-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-perl-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"sntp-4.2.6p5-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-25.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:02:17", "description": "From Red Hat Security Advisory 2016:2583 :\n\nAn update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\n* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ntp (ELSA-2016-2583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ntp", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntpdate", "p-cpe:/a:oracle:linux:sntp", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2583.NASL", "href": "https://www.tenable.com/plugins/nessus/94705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2583 and \n# Oracle Linux Security Advisory ELSA-2016-2583 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94705);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5196\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\");\n script_xref(name:\"RHSA\", value:\"2016:2583\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Oracle Linux 7 : ntp (ELSA-2016-2583)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2583 :\n\nAn update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in NTP's ntp_crypto.c,\nwhere a packet with particular autokey operations that contained\nmalicious data was not always being completely validated. A remote\nattacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. A specially crafted NTP packet\ncould potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could potentially use this flaw\nto crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd\nprocessed 'ntpdc reslist' commands that queried restriction lists with\na large amount of entries. A remote attacker could use this flaw to\ncrash ntpd. (CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\n* It was found that NTP's :config command could be used to set the\npidfile and driftfile paths without any restrictions. A remote\nattacker could use this flaw to overwrite a file on the file system\nwith a file containing the pid of the ntpd process (immediately) or\nthe current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive\ndue to being caught in an infinite loop when processing a crafted NTP\npacket. (CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during\nsymmetric key authentication. An authenticated client (A) could use\nthis flaw to modify a packet sent between a server (B) and a client\n(C) using a key that is different from the one known to the client\n(A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain\nincoming packets in a loop in the getresponse() function. A remote\nattacker could potentially use this flaw to crash an ntpq client\ninstance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvar (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-25.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-25.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-25.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-25.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-25.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:28", "description": "Security Fix(es) :\n\n - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n - A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n - An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n - A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n - A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd.\n (CVE-2015-7978)\n\n - It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.\n (CVE-2015-7979)\n\n - It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)\n\n - It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command.\n (CVE-2015-5195)\n\n - It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)\n\n - It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n - A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A).\n (CVE-2015-7974)\n\n - A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvr (Red Hat).\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ntp", "p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ntp-doc", "p-cpe:/a:fermilab:scientific_linux:ntp-perl", "p-cpe:/a:fermilab:scientific_linux:ntpdate", "p-cpe:/a:fermilab:scientific_linux:sntp", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_NTP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95850);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9750\", \"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5196\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - It was found that the fix for CVE-2014-9750 was\n incomplete: three issues were found in the value length\n checks in NTP's ntp_crypto.c, where a packet with\n particular autokey operations that contained malicious\n data was not always being completely validated. A remote\n attacker could use a specially crafted NTP packet to\n crash ntpd. (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n\n - A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If\n ntpd was configured to use autokey authentication, an\n attacker could send packets to ntpd that would, after\n several days of ongoing attack, cause it to run out of\n memory. (CVE-2015-7701)\n\n - An off-by-one flaw, leading to a buffer overflow, was\n found in cookedprint functionality of ntpq. A specially\n crafted NTP packet could potentially cause ntpq to\n crash. (CVE-2015-7852)\n\n - A NULL pointer dereference flaw was found in the way\n ntpd processed 'ntpdc reslist' commands that queried\n restriction lists with a large amount of entries. A\n remote attacker could potentially use this flaw to crash\n ntpd. (CVE-2015-7977)\n\n - A stack-based buffer overflow flaw was found in the way\n ntpd processed 'ntpdc reslist' commands that queried\n restriction lists with a large amount of entries. A\n remote attacker could use this flaw to crash ntpd.\n (CVE-2015-7978)\n\n - It was found that when NTP was configured in broadcast\n mode, a remote attacker could broadcast packets with bad\n authentication to all clients. The clients, upon\n receiving the malformed packets, would break the\n association with the broadcast server, causing them to\n become out of sync over a longer period of time.\n (CVE-2015-7979)\n\n - It was found that ntpd could crash due to an\n uninitialized variable when processing malformed\n logconfig configuration commands. (CVE-2015-5194)\n\n - It was found that ntpd would exit with a segmentation\n fault when a statistics type that was not enabled during\n compilation (e.g. timingstats) was referenced by the\n statistics or filegen configuration command.\n (CVE-2015-5195)\n\n - It was found that NTP's :config command could be used to\n set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to\n overwrite a file on the file system with a file\n containing the pid of the ntpd process (immediately) or\n the current estimated drift of the system clock (in\n hourly intervals). (CVE-2015-5196, CVE-2015-7703)\n\n - It was discovered that the sntp utility could become\n unresponsive due to being caught in an infinite loop\n when processing a crafted NTP packet. (CVE-2015-5219)\n\n - A flaw was found in the way NTP verified trusted keys\n during symmetric key authentication. An authenticated\n client (A) could use this flaw to modify a packet sent\n between a server (B) and a client (C) using a key that\n is different from the one known to the client (A).\n (CVE-2015-7974)\n\n - A flaw was found in the way the ntpq client processed\n certain incoming packets in a loop in the getresponse()\n function. A remote attacker could potentially use this\n flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvr (Red Hat).\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=12188\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5db535f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-doc-4.2.6p5-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-perl-4.2.6p5-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-25.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:01:39", "description": "An update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\n* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvar (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : ntp (CESA-2016:2583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8158"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "p-cpe:/a:centos:centos:ntp-doc", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:ntpdate", "p-cpe:/a:centos:centos:sntp", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2583.NASL", "href": "https://www.tenable.com/plugins/nessus/95330", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2583 and \n# CentOS Errata and Security Advisory 2016:2583 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95330);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5196\", \"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7852\", \"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\");\n script_xref(name:\"RHSA\", value:\"2016:2583\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"CentOS 7 : ntp (CESA-2016:2583)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in NTP's ntp_crypto.c,\nwhere a packet with particular autokey operations that contained\nmalicious data was not always being completely validated. A remote\nattacker could use a specially crafted NTP packet to crash ntpd.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\n* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. A specially crafted NTP packet\ncould potentially cause ntpq to crash. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could potentially use this flaw\nto crash ntpd. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd\nprocessed 'ntpdc reslist' commands that queried restriction lists with\na large amount of entries. A remote attacker could use this flaw to\ncrash ntpd. (CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) was referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\n* It was found that NTP's :config command could be used to set the\npidfile and driftfile paths without any restrictions. A remote\nattacker could use this flaw to overwrite a file on the file system\nwith a file containing the pid of the ntpd process (immediately) or\nthe current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive\ndue to being caught in an infinite loop when processing a crafted NTP\npacket. (CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during\nsymmetric key authentication. An authenticated client (A) could use\nthis flaw to modify a packet sent between a server (B) and a client\n(C) using a key that is different from the one known to the client\n(A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain\nincoming packets in a loop in the getresponse() function. A remote\nattacker could potentially use this flaw to crash an ntpq client\ninstance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvar (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003635.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?195d0cb9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7701\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-25.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-25.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-25.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-25.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-25.el7.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:58:11", "description": "An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).", "cvss3": {}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : ntp (RHSA-2016:1141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "p-cpe:/a:redhat:enterprise_linux:sntp", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/91420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1141. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91420);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7979\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2518\");\n script_xref(name:\"RHSA\", value:\"2016:1141\");\n\n script_name(english:\"RHEL 6 / 7 : ntp (RHSA-2016:1141)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled\npreemptable client associations. A remote attacker could send several\ncrypto NAK packets to a victim client, each with a spoofed source\naddress of an existing associated peer, preventing that client from\nsynchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from\nbasic client/server mode to the interleaved symmetric mode. A remote\nattacker could use a spoofed packet that, when processed by an ntpd\nclient, would cause that client to reject all future legitimate server\nresponses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message\nauthentication. An attacker able to observe the timing of the\ncomparison function used in packet authentication could potentially\nuse this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed\ncertain packets. An authenticated attacker could use a crafted packet\nto create a peer association with hmode of 7 and larger, which could\npotentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2518\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1141\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-debuginfo-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ntp-doc-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-perl-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-perl-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-doc-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-perl-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"sntp-4.2.6p5-22.el7_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:01:32", "description": "Security Fix(es) :\n\n - It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.\n (CVE-2015-7979)\n\n - A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)\n\n - It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)\n\n - A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)\n\n - An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash.\n (CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).", "cvss3": {}, "published": "2016-06-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20160531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ntp", "p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ntp-doc", "p-cpe:/a:fermilab:scientific_linux:ntp-perl", "p-cpe:/a:fermilab:scientific_linux:ntpdate", "p-cpe:/a:fermilab:scientific_linux:sntp", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160531_NTP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91644);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7979\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2518\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20160531)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that when NTP was configured in broadcast\n mode, a remote attacker could broadcast packets with bad\n authentication to all clients. The clients, upon\n receiving the malformed packets, would break the\n association with the broadcast server, causing them to\n become out of sync over a longer period of time.\n (CVE-2015-7979)\n\n - A denial of service flaw was found in the way NTP\n handled preemptable client associations. A remote\n attacker could send several crypto NAK packets to a\n victim client, each with a spoofed source address of an\n existing associated peer, preventing that client from\n synchronizing its time. (CVE-2016-1547)\n\n - It was found that an ntpd client could be forced to\n change from basic client/server mode to the interleaved\n symmetric mode. A remote attacker could use a spoofed\n packet that, when processed by an ntpd client, would\n cause that client to reject all future legitimate server\n responses, effectively disabling time synchronization on\n that client. (CVE-2016-1548)\n\n - A flaw was found in the way NTP's libntp performed\n message authentication. An attacker able to observe the\n timing of the comparison function used in packet\n authentication could potentially use this flaw to\n recover the message digest. (CVE-2016-1550)\n\n - An out-of-bounds access flaw was found in the way ntpd\n processed certain packets. An authenticated attacker\n could use a crafted packet to create a peer association\n with hmode of 7 and larger, which could potentially\n (although highly unlikely) cause ntpd to crash.\n (CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=5337\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?278b7f0d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-debuginfo-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-doc-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-perl-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-doc-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-perl-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:58:11", "description": "An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).", "cvss3": {}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : ntp (CESA-2016:1141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "p-cpe:/a:centos:centos:ntp-doc", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:ntpdate", "p-cpe:/a:centos:centos:sntp", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/91394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1141 and \n# CentOS Errata and Security Advisory 2016:1141 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91394);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7979\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2518\");\n script_xref(name:\"RHSA\", value:\"2016:1141\");\n\n script_name(english:\"CentOS 6 / 7 : ntp (CESA-2016:1141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled\npreemptable client associations. A remote attacker could send several\ncrypto NAK packets to a victim client, each with a spoofed source\naddress of an existing associated peer, preventing that client from\nsynchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from\nbasic client/server mode to the interleaved symmetric mode. A remote\nattacker could use a spoofed packet that, when processed by an ntpd\nclient, would cause that client to reject all future legitimate server\nresponses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message\nauthentication. An attacker able to observe the timing of the\ncomparison function used in packet authentication could potentially\nuse this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed\ncertain packets. An authenticated attacker could use a crafted packet\nto create a peer association with hmode of 7 and larger, which could\npotentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021898.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef46a88f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021899.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53f416cf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1548\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-4.2.6p5-10.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-doc-4.2.6p5-10.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-perl-4.2.6p5-10.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntpdate-4.2.6p5-10.el6.centos.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7.centos.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:56:00", "description": "An update for ntp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).", "cvss3": {}, "published": "2016-08-04T00:00:00", "type": "nessus", "title": "RHEL 6 : ntp (RHSA-2016:1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2016-1552.NASL", "href": "https://www.tenable.com/plugins/nessus/92718", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1552. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92718);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7979\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2518\");\n script_xref(name:\"RHSA\", value:\"2016:1552\");\n\n script_name(english:\"RHEL 6 : ntp (RHSA-2016:1552)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ntp is now available for Red Hat Enterprise Linux 6.7\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled\npreemptable client associations. A remote attacker could send several\ncrypto NAK packets to a victim client, each with a spoofed source\naddress of an existing associated peer, preventing that client from\nsynchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from\nbasic client/server mode to the interleaved symmetric mode. A remote\nattacker could use a spoofed packet that, when processed by an ntpd\nclient, would cause that client to reject all future legitimate server\nresponses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message\nauthentication. An attacker able to observe the timing of the\ncomparison function used in packet authentication could potentially\nuse this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed\ncertain packets. An authenticated attacker could use a crafted packet\nto create a peer association with hmode of 7 and larger, which could\npotentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2518\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1552\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"ntp-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"ntp-doc-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"ntp-perl-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"ntp-perl-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"ntpdate-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-5.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-5.el6_7.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:57:47", "description": "From Red Hat Security Advisory 2016:1141 :\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).", "cvss3": {}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : ntp (ELSA-2016-1141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ntp", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntpdate", "p-cpe:/a:oracle:linux:sntp", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/91418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1141 and \n# Oracle Linux Security Advisory ELSA-2016-1141 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91418);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7979\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2518\");\n script_xref(name:\"RHSA\", value:\"2016:1141\");\n\n script_name(english:\"Oracle Linux 6 / 7 : ntp (ELSA-2016-1141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1141 :\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nSecurity Fix(es) :\n\n* It was found that when NTP was configured in broadcast mode, a\nremote attacker could broadcast packets with bad authentication to all\nclients. The clients, upon receiving the malformed packets, would\nbreak the association with the broadcast server, causing them to\nbecome out of sync over a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled\npreemptable client associations. A remote attacker could send several\ncrypto NAK packets to a victim client, each with a spoofed source\naddress of an existing associated peer, preventing that client from\nsynchronizing its time. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from\nbasic client/server mode to the interleaved symmetric mode. A remote\nattacker could use a spoofed packet that, when processed by an ntpd\nclient, would cause that client to reject all future legitimate server\nresponses, effectively disabling time synchronization on that client.\n(CVE-2016-1548)\n\n* A flaw was found in the way NTP's libntp performed message\nauthentication. An attacker able to observe the timing of the\ncomparison function used in packet authentication could potentially\nuse this flaw to recover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed\ncertain packets. An authenticated attacker could use a crafted packet\nto create a peer association with hmode of 7 and larger, which could\npotentially (although highly unlikely) cause ntpd to crash.\n(CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006099.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ntp-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-doc-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-perl-4.2.6p5-10.el6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntpdate-4.2.6p5-10.el6.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:45:41", "description": "Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 ---- Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5146", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-77BFBC1BCD.NASL", "href": "https://www.tenable.com/plugins/nessus/89288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-77bfbc1bcd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89288);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5146\", \"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5196\", \"CVE-2015-5219\", \"CVE-2015-5300\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7704\", \"CVE-2015-7852\", \"CVE-2015-7871\");\n script_xref(name:\"FEDORA\", value:\"2015-77bfbc1bcd\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692,\nCVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852,\nCVE-2015-7701 ---- Security fix for CVE-2015-5146, CVE-2015-5194,\nCVE-2015-5219, CVE-2015-5195, CVE-2015-5196\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1238136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1254542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1254544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1254547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1255118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274265\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a1795ec\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"ntp-4.2.6p5-34.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:22:41", "description": "Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs :\n\nCVE-2015-7974\n\nMatt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers.\n\nCVE-2015-7977 / CVE-2015-7978\n\nStephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of 'ntpdc reslist' commands may result in denial of service.\n\nCVE-2015-7979\n\nAanchal Malhotra discovered that if NTP is configured for broadcast mode, an attacker can send malformed authentication packets which break associations with the server for other broadcast clients.\n\nCVE-2015-8138\n\nMatthew van Gundy and Jonathan Gardner discovered that missing validation of origin timestamps in ntpd clients may result in denial of service.\n\nCVE-2015-8158\n\nJonathan Gardner discovered that missing input sanitising in ntpq may result in denial of service.\n\nCVE-2016-1547\n\nStephen Gray and Matthew van Gundy discovered that incorrect handling of crypto NAK packets my result in denial of service.\n\nCVE-2016-1548\n\nJonathan Gardner and Miroslav Lichvar discovered that ntpd clients could be forced to change from basic client/server mode to interleaved symmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\n\nMatthew van Gundy, Stephen Gray and Loganaden Velvindron discovered that timing leaks in the the packet authentication code could result in recovery of a message digest.\n\nCVE-2016-2516\n\nYihan Lian discovered that duplicate IPs on 'unconfig' directives will trigger an assert.\n\nCVE-2016-2518\n\nYihan Lian discovered that an OOB memory access could potentially crash ntpd.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u7.\n\nWe recommend that you upgrade your ntp packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-26T00:00:00", "type": "nessus", "title": "Debian DLA-559-1 : ntp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2516", "CVE-2016-2518"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ntp", "p-cpe:/a:debian:debian_linux:ntp-doc", "p-cpe:/a:debian:debian_linux:ntpdate", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-559.NASL", "href": "https://www.tenable.com/plugins/nessus/92546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-559-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92546);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2516\", \"CVE-2016-2518\");\n\n script_name(english:\"Debian DLA-559-1 : ntp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs :\n\nCVE-2015-7974\n\nMatt Street discovered that insufficient key validation allows\nimpersonation attacks between authenticated peers.\n\nCVE-2015-7977 / CVE-2015-7978\n\nStephen Gray discovered that a NULL pointer dereference and a buffer\noverflow in the handling of 'ntpdc reslist' commands may result in\ndenial of service.\n\nCVE-2015-7979\n\nAanchal Malhotra discovered that if NTP is configured for broadcast\nmode, an attacker can send malformed authentication packets which\nbreak associations with the server for other broadcast clients.\n\nCVE-2015-8138\n\nMatthew van Gundy and Jonathan Gardner discovered that missing\nvalidation of origin timestamps in ntpd clients may result in denial\nof service.\n\nCVE-2015-8158\n\nJonathan Gardner discovered that missing input sanitising in ntpq may\nresult in denial of service.\n\nCVE-2016-1547\n\nStephen Gray and Matthew van Gundy discovered that incorrect handling\nof crypto NAK packets my result in denial of service.\n\nCVE-2016-1548\n\nJonathan Gardner and Miroslav Lichvar discovered that ntpd clients\ncould be forced to change from basic client/server mode to interleaved\nsymmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\n\nMatthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\nthat timing leaks in the the packet authentication code could result\nin recovery of a message digest.\n\nCVE-2016-2516\n\nYihan Lian discovered that duplicate IPs on 'unconfig' directives will\ntrigger an assert.\n\nCVE-2016-2518\n\nYihan Lian discovered that an OOB memory access could potentially\ncrash ntpd.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:4.2.6.p5+dfsg-2+deb7u7.\n\nWe recommend that you upgrade your ntp packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/07/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/ntp\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected ntp, ntp-doc, and ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ntp\", reference:\"1:4.2.6.p5+dfsg-2+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p5+dfsg-2+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p5+dfsg-2+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:53:10", "description": "Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs :\n\n - CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers.\n\n - CVE-2015-7977 CVE-2015-7978 Stephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of 'ntpdc reslist' commands may result in denial of service.\n\n - CVE-2015-7979 Aanchal Malhotra discovered that if NTP is configured for broadcast mode, an attacker can send malformed authentication packets which break associations with the server for other broadcast clients.\n\n - CVE-2015-8138 Matthew van Gundy and Jonathan Gardner discovered that missing validation of origin timestamps in ntpd clients may result in denial of service.\n\n - CVE-2015-8158 Jonathan Gardner discovered that missing input sanitising in ntpq may result in denial of service.\n\n - CVE-2016-1547 Stephen Gray and Matthew van Gundy discovered that incorrect handling of crypto NAK packets may result in denial of service.\n\n - CVE-2016-1548 Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients could be forced to change from basic client/server mode to interleaved symmetric mode, preventing time synchronisation.\n\n - CVE-2016-1550 Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered that timing leaks in the packet authentication code could result in recovery of a message digest.\n\n - CVE-2016-2516 Yihan Lian discovered that duplicate IPs on 'unconfig' directives will trigger an assert.\n\n - CVE-2016-2518 Yihan Lian discovered that an OOB memory access could potentially crash ntpd.", "cvss3": {}, "published": "2016-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-3629-1 : ntp - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2516", "CVE-2016-2518"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ntp", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3629.NASL", "href": "https://www.tenable.com/plugins/nessus/92571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3629. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92571);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\", \"CVE-2016-1547\", \"CVE-2016-1548\", \"CVE-2016-1550\", \"CVE-2016-2516\", \"CVE-2016-2518\");\n script_xref(name:\"DSA\", value:\"3629\");\n\n script_name(english:\"Debian DSA-3629-1 : ntp - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs :\n\n - CVE-2015-7974\n Matt Street discovered that insufficient key validation\n allows impersonation attacks between authenticated\n peers.\n\n - CVE-2015-7977 CVE-2015-7978\n Stephen Gray discovered that a NULL pointer dereference\n and a buffer overflow in the handling of 'ntpdc reslist'\n commands may result in denial of service.\n\n - CVE-2015-7979\n Aanchal Malhotra discovered that if NTP is configured\n for broadcast mode, an attacker can send malformed\n authentication packets which break associations with the\n server for other broadcast clients.\n\n - CVE-2015-8138\n Matthew van Gundy and Jonathan Gardner discovered that\n missing validation of origin timestamps in ntpd clients\n may result in denial of service.\n\n - CVE-2015-8158\n Jonathan Gardner discovered that missing input\n sanitising in ntpq may result in denial of service.\n\n - CVE-2016-1547\n Stephen Gray and Matthew van Gundy discovered that\n incorrect handling of crypto NAK packets may result in\n denial of service.\n\n - CVE-2016-1548\n Jonathan Gardner and Miroslav Lichvar discovered that\n ntpd clients could be forced to change from basic\n client/server mode to interleaved symmetric mode,\n preventing time synchronisation.\n\n - CVE-2016-1550\n Matthew van Gundy, Stephen Gray and Loganaden Velvindron\n discovered that timing leaks in the packet\n authentication code could result in recovery of a\n message digest.\n\n - CVE-2016-2516\n Yihan Lian discovered that duplicate IPs on 'unconfig'\n directives will trigger an assert.\n\n - CVE-2016-2518\n Yihan Lian discovered that an OOB memory access could\n potentially crash ntpd.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ntp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3629\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the ntp packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-7+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"ntp\", reference:\"1:4.2.6.p5+dfsg-7+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p5+dfsg-7+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p5+dfsg-7+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:54:37", "description": "Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158 ---- Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-34BC10A2C8.NASL", "href": "https://www.tenable.com/plugins/nessus/89510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-34bc10a2c8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89510);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5300\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7704\", \"CVE-2015-7852\", \"CVE-2015-7871\", \"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\");\n script_xref(name:\"FEDORA\", value:\"2016-34bc10a2c8\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-36.fc22 (2016-34bc10a2c8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977,\nCVE-2015-7978, CVE-2015-7979, CVE-2015-8158 ---- Security fix for\nCVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871,\nCVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1299442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300273\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b4d9af8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-36.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:47", "description": "The remote AIX host has a version of Network Time Protocol (NTP) installed that is affected by the following vulnerabilities :\n\n - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this, via crafted NTP packets, to crash ntpd.\n (CVE 2015-5219)\n\n - A flaw exists in the ntp_crypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to disclose sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey functionality due to a failure in the crypto_bob2(), crypto_bob3(), and cert_sign() functions to properly validate the 'vallen' value. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the crypto_recv() function in the file ntp_crypto.c related to autokey functionality. An unauthenticated, remote attacker can exploit this, via an ongoing flood of NTPv4 autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper validation of packets containing certain autokey operations. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7702)\n\n - A denial of service vulnerability exists due to a logic flaw in the authreadkeys() function in the file authreadkeys.c when handling extended logging where the log and key files are set to be the same file. An authenticated, remote attacker can exploit this, via a crafted set of remote configuration requests, to cause the NTP service to stop responding. (CVE-2015-7850)\n\n - A overflow condition exists in the read_refclock_packet() function in the file ntp_io.c when handling negative data lengths. A local attacker can exploit this to crash the NTP service or possibly gain elevated privileges. (CVE-2015-7853)\n\n - A denial of service vulnerability exists due to an assertion flaw in the decodenetnum() function in the file decodenetnum.c when handling long data values in mode 6 and 7 packets. An unauthenticated, remote attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)\n\nThis plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin id 102321).", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 3 : ntp (IV79943) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2018-06-11T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV79943.NASL", "href": "https://www.tenable.com/plugins/nessus/88056", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory4.asc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2017/07/20. Deprecated by aix_ntp_v3_advisory8.nasl.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88056);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2018/07/20 0:18:51\");\n\n script_cve_id(\n \"CVE-2015-5219\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7850\",\n \"CVE-2015-7853\",\n \"CVE-2015-7855\"\n );\n script_bugtraq_id(\n 76473,\n 77273,\n 77274,\n 77279,\n 77281,\n 77283,\n 77285,\n 77286\n );\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n script_xref(name:\"EDB-ID\", value:\"40840\");\n\n script_name(english:\"AIX 7.1 TL 3 : ntp (IV79943) (deprecated)\");\n script_summary(english:\"Check for APAR IV79943.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of Network Time Protocol (NTP)\ninstalled that is affected by the following vulnerabilities :\n\n - A divide-by-zero error exists in file include/ntp.h\n when handling LOGTOD and ULOGTOD macros in a crafted\n NTP packet. An unauthenticated, remote attacker can\n exploit this, via crafted NTP packets, to crash ntpd.\n (CVE 2015-5219)\n\n - A flaw exists in the ntp_crypto.c file due to improper\n validation of the 'vallen' value in extension fields. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted autokey packets, to disclose\n sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey\n functionality due to a failure in the crypto_bob2(),\n crypto_bob3(), and cert_sign() functions to properly\n validate the 'vallen' value. An unauthenticated, remote\n attacker can exploit this, via specially crafted autokey\n packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the\n crypto_recv() function in the file ntp_crypto.c related\n to autokey functionality. An unauthenticated, remote\n attacker can exploit this, via an ongoing flood of NTPv4\n autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper\n validation of packets containing certain autokey\n operations. An unauthenticated, remote attacker can\n exploit this, via specially crafted autokey packets,\n to crash the NTP service. (CVE-2015-7702)\n\n - A denial of service vulnerability exists due to a logic\n flaw in the authreadkeys() function in the file\n authreadkeys.c when handling extended logging where the\n log and key files are set to be the same file. An\n authenticated, remote attacker can exploit this, via a\n crafted set of remote configuration requests, to cause\n the NTP service to stop responding. (CVE-2015-7850)\n\n - A overflow condition exists in the\n read_refclock_packet() function in the file ntp_io.c\n when handling negative data lengths. A local attacker\n can exploit this to crash the NTP service or possibly\n gain elevated privileges. (CVE-2015-7853)\n\n - A denial of service vulnerability exists due to an\n assertion flaw in the decodenetnum() function in the\n file decodenetnum.c when handling long data values in\n mode 6 and 7 packets. An unauthenticated, remote\n attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)\n\nThis plugin has been deprecated to better accommodate iFix\nsupersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin\nid 102321).\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2015-04\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Use aix_ntp_v3_advisory4.nasl (plugin ID 102321) instead.\");\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 7.1\", oslevel);\n}\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nsp = oslevelparts[2];\nif ( ml != \"03\" || sp != \"05\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 7.1 ML 03 SP 05\", oslevel + \" ML \" + ml + \" SP \" + sp);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit( 0, \"This AIX package check is disabled because : \" + get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nifixes_7135 = \"(IV79943s5b|IV83993m5a)\";\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:ifixes_7135, package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.45\") < 0) flag++;\n\nreport_note = '\\n' +\n 'Note that iFix IV79943s5b is a mutually exclusive installation with' + '\\n' +\n 'iFix IV74261s5a. Neither are cumulative with each other, and both are' + '\\n' +\n 'required to resolve two different vulnerabilities at this package' + '\\n' +\n 'level. Apply cumulative iFix IV83993m5a to address both. Please contact' + '\\n' +\n 'IBM for further details.' + '\\n';\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n aix_report_extra += report_note;\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.client\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:56", "description": "The remote AIX host has a version of Network Time Protocol (NTP) installed that is affected by the following vulnerabilities :\n\n - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this, via crafted NTP packets, to crash ntpd.\n (CVE 2015-5219)\n\n - A flaw exists in the ntp_crypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to disclose sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey functionality due to a failure in the crypto_bob2(), crypto_bob3(), and cert_sign() functions to properly validate the 'vallen' value. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the crypto_recv() function in the file ntp_crypto.c related to autokey functionality. An unauthenticated, remote attacker can exploit this, via an ongoing flood of NTPv4 autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper validation of packets containing certain autokey operations. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7702)\n\n - A denial of service vulnerability exists due to a logic flaw in the authreadkeys() function in the file authreadkeys.c when handling extended logging where the log and key files are set to be the same file. An authenticated, remote attacker can exploit this, via a crafted set of remote configuration requests, to cause the NTP service to stop responding. (CVE-2015-7850)\n\n - A overflow condition exists in the read_refclock_packet() function in the file ntp_io.c when handling negative data lengths. A local attacker can exploit this to crash the NTP service or possibly gain elevated privileges. (CVE-2015-7853)\n\n - A denial of service vulnerability exists due to an assertion flaw in the decodenetnum() function in the file decodenetnum.c when handling long data values in mode 6 and 7 packets. An unauthenticated, remote attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)", "cvss3": {}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:ntp:ntp"], "id": "AIX_NTP_V4_ADVISORY4.NASL", "href": "https://www.tenable.com/plugins/nessus/102322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102322);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2015-5219\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7850\",\n \"CVE-2015-7853\",\n \"CVE-2015-7855\"\n );\n script_bugtraq_id(\n 76473,\n 77273,\n 77274,\n 77279,\n 77281,\n 77283,\n 77285,\n 77286\n );\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n script_xref(name:\"EDB-ID\", value:\"40840\");\n\n script_name(english:\"AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)\");\n script_summary(english:\"Checks the version of the ntp packages for appropriate iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of NTP installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of Network Time Protocol (NTP)\ninstalled that is affected by the following vulnerabilities :\n\n - A divide-by-zero error exists in file include/ntp.h\n when handling LOGTOD and ULOGTOD macros in a crafted\n NTP packet. An unauthenticated, remote attacker can\n exploit this, via crafted NTP packets, to crash ntpd.\n (CVE 2015-5219)\n\n - A flaw exists in the ntp_crypto.c file due to improper\n validation of the 'vallen' value in extension fields. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted autokey packets, to disclose\n sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey\n functionality due to a failure in the crypto_bob2(),\n crypto_bob3(), and cert_sign() functions to properly\n validate the 'vallen' value. An unauthenticated, remote\n attacker can exploit this, via specially crafted autokey\n packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the\n crypto_recv() function in the file ntp_crypto.c related\n to autokey functionality. An unauthenticated, remote\n attacker can exploit this, via an ongoing flood of NTPv4\n autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper\n validation of packets containing certain autokey\n operations. An unauthenticated, remote attacker can\n exploit this, via specially crafted autokey packets,\n to crash the NTP service. (CVE-2015-7702)\n\n - A denial of service vulnerability exists due to a logic\n flaw in the authreadkeys() function in the file\n authreadkeys.c when handling extended logging where the\n log and key files are set to be the same file. An\n authenticated, remote attacker can exploit this, via a\n crafted set of remote configuration requests, to cause\n the NTP service to stop responding. (CVE-2015-7850)\n\n - A overflow condition exists in the\n read_refclock_packet() function in the file ntp_io.c\n when handling negative data lengths. A local attacker\n can exploit this to crash the NTP service or possibly\n gain elevated privileges. (CVE-2015-7853)\n\n - A denial of service vulnerability exists due to an\n assertion flaw in the decodenetnum() function in the\n file decodenetnum.c when handling long data values in\n mode 6 and 7 packets. An unauthenticated, remote\n attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevel = oslevel - \"AIX-\";\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\naix_ntp_vulns = {\n \"6.1\": {\n \"minfilesetver\":\"6.1.6.0\",\n \"maxfilesetver\":\"6.1.6.4\",\n \"patch\":\"(IV79954m4a|IV81129m6a|IV83992s5a|IV87278s7a|IV92287m5a|IV96311m5a)\"\n },\n \"7.1\": {\n \"minfilesetver\":\"7.1.0.0\",\n \"maxfilesetver\":\"7.1.0.4\",\n \"patch\":\"(IV79955m4a|IV81130m5a|IV83983s5a|IV87279s7a|IV92287m5a|IV96312m5a)\"\n },\n \"7.2\": {\n \"minfilesetver\":\"7.1.0.0\",\n \"maxfilesetver\":\"7.1.0.4\",\n \"patch\":\"(IV79955m4a|IV81130m5a|IV83983s5a|IV87279s7a|IV92126m3a|IV96312m5a)\"\n }\n};\n\nversion_report = \"AIX \" + oslevel;\nif ( empty_or_null(aix_ntp_vulns[oslevel]) ) {\n os_options = join( sort( keys(aix_ntp_vulns) ), sep:' / ' );\n audit(AUDIT_OS_NOT, os_options, version_report);\n}\n\nforeach oslevel ( keys(aix_ntp_vulns) ) {\n package_info = aix_ntp_vulns[oslevel];\n minfilesetver = package_info[\"minfilesetver\"];\n maxfilesetver = package_info[\"maxfilesetver\"];\n patch = package_info[\"patch\"];\n if (aix_check_ifix(release:oslevel, patch:patch, package:\"ntp.rte\", minfilesetver:minfilesetver, maxfilesetver:maxfilesetver) < 0) flag++;\n}\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp.rte\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:52", "description": "Several security issues where found in ntp :\n\nCVE-2015-5146\n\nA flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if :\n\n - ntpd enabled remote configuration\n\n - The attacker had the knowledge of the configuration password\n\n - The attacker had access to a computer entrusted to perform remote configuration\n\n Note that remote configuration is disabled by default in NTP. \n\nCVE-2015-5194\n\nIt was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n\nCVE-2015-5195\n\nIt was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) is referenced by the statistics or filegen configuration command\n\nCVE-2015-5219\n\nIt was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double.\n\nCVE-2015-5300\n\nIt was found that ntpd did not correctly implement the -g option:\nNormally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. If a man-in-the-middle attacker can control the NTP traffic since ntpd was started (or maybe up to 15-30 minutes after that), they can prevent the client from reaching the sync state and force it to step its clock by any amount any number of times, which can be used by attackers to expire certificates, etc.\nThis is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow.\n\nCVE-2015-7691, CVE-2015-7692, CVE-2015-7702\n\nIt was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash.\n\nCVE-2015-7701\n\nA memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory.\n\nCVE-2015-7703\n\nMiroslav Lichvár of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example: ntpq -c ':config pidfile /tmp/ntp.pid' ntpq -c ':config driftfile /tmp/ntp.drift' In Debian ntpd is configured to drop root privileges, which limits the impact of this issue.\n\nCVE-2015-7704\n\nWhen ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. An off-path attacker can send a crafted KoD packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server.\n\nCVE-2015-7850\n\nAn exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability.\n\nCVE-2015-7851\n\nA potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a path traversal potentially resulting in files being overwritten. An attacker could provide a malicious path to trigger this vulnerability.\n\nThis issue does not affect Debian.\n\nCVE-2015-7852\n\nA potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds.\n\nCVE-2015-7855\n\nIt was found that NTP's decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd.\n\nCVE-2015-7871\n\nAn error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-29T00:00:00", "type": "nessus", "title": "Debian DLA-335-1 : ntp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5146", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7850", "CVE-2015-7851", "CVE-2015-7852", "CVE-2015-7855", "CVE-2015-7871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ntp", "p-cpe:/a:debian:debian_linux:ntp-doc", "p-cpe:/a:debian:debian_linux:ntpdate", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-335.NASL", "href": "https://www.tenable.com/plugins/nessus/86640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-335-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86640);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5146\", \"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-5300\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7704\", \"CVE-2015-7850\", \"CVE-2015-7851\", \"CVE-2015-7852\", \"CVE-2015-7855\", \"CVE-2015-7871\");\n script_bugtraq_id(75589);\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Debian DLA-335-1 : ntp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues where found in ntp :\n\nCVE-2015-5146\n\nA flaw was found in the way ntpd processed certain remote\nconfiguration packets. An attacker could use a specially crafted\npackage to cause ntpd to crash if :\n\n - ntpd enabled remote configuration\n\n - The attacker had the knowledge of the configuration\n password\n\n - The attacker had access to a computer entrusted to\n perform remote configuration\n\n Note that remote configuration is disabled by default in\n NTP. \n\nCVE-2015-5194\n\nIt was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n\nCVE-2015-5195\n\nIt was found that ntpd exits with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) is referenced by the statistics or filegen configuration\ncommand\n\nCVE-2015-5219\n\nIt was discovered that sntp program would hang in an infinite loop\nwhen a crafted NTP packet was received, related to the conversion of\nthe precision value in the packet to double.\n\nCVE-2015-5300\n\nIt was found that ntpd did not correctly implement the -g option:\nNormally, ntpd exits with a message to the system log if the offset\nexceeds the panic threshold, which is 1000 s by default. This option\nallows the time to be set to any value without restriction; however,\nthis can happen only once. If the threshold is exceeded after that,\nntpd will exit with a message to the system log. This option can be\nused with the -q and -x options. ntpd could actually step the clock\nmultiple times by more than the panic threshold if its clock\ndiscipline doesn't have enough time to reach the sync state and stay\nthere for at least one update. If a man-in-the-middle attacker can\ncontrol the NTP traffic since ntpd was started (or maybe up to 15-30\nminutes after that), they can prevent the client from reaching the\nsync state and force it to step its clock by any amount any number of\ntimes, which can be used by attackers to expire certificates, etc.\nThis is contrary to what the documentation says. Normally, the\nassumption is that an MITM attacker can step the clock more than the\npanic threshold only once when ntpd starts and to make a larger\nadjustment the attacker has to divide it into multiple smaller steps,\neach taking 15 minutes, which is slow.\n\nCVE-2015-7691, CVE-2015-7692, CVE-2015-7702\n\nIt was found that the fix for CVE-2014-9750 was incomplete: three\nissues were found in the value length checks in ntp_crypto.c, where a\npacket with particular autokey operations that contained malicious\ndata was not always being completely validated. Receipt of these\npackets can cause ntpd to crash.\n\nCVE-2015-7701\n\nA memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is\nconfigured to use autokey authentication, an attacker could send\npackets to ntpd that would, after several days of ongoing attack,\ncause it to run out of memory.\n\nCVE-2015-7703\n\nMiroslav Lichvár of Red Hat found that the :config command can\nbe used to set the pidfile and driftfile paths without any\nrestrictions. A remote attacker could use this flaw to overwrite a\nfile on the file system with a file containing the pid of the ntpd\nprocess (immediately) or the current estimated drift of the system\nclock (in hourly intervals). For example: ntpq -c ':config pidfile\n/tmp/ntp.pid' ntpq -c ':config driftfile /tmp/ntp.drift' In Debian\nntpd is configured to drop root privileges, which limits the impact of\nthis issue.\n\nCVE-2015-7704\n\nWhen ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from\nthe server to reduce its polling rate, it doesn't check if the\noriginate timestamp in the reply matches the transmit timestamp from\nits request. An off-path attacker can send a crafted KoD packet to the\nclient, which will increase the client's polling interval to a large\nvalue and effectively disable synchronization with the server.\n\nCVE-2015-7850\n\nAn exploitable denial of service vulnerability exists in the remote\nconfiguration functionality of the Network Time Protocol. A specially\ncrafted configuration file could cause an endless loop resulting in a\ndenial of service. An attacker could provide a the malicious\nconfiguration file to trigger this vulnerability.\n\nCVE-2015-7851\n\nA potential path traversal vulnerability exists in the config file\nsaving of ntpd on VMS. A specially crafted path could cause a path\ntraversal potentially resulting in files being overwritten. An\nattacker could provide a malicious path to trigger this vulnerability.\n\nThis issue does not affect Debian.\n\nCVE-2015-7852\n\nA potential off by one vulnerability exists in the cookedprint\nfunctionality of ntpq. A specially crafted buffer could cause a buffer\noverflow potentially resulting in null byte being written out of\nbounds.\n\nCVE-2015-7855\n\nIt was found that NTP's decodenetnum() would abort with an assertion\nfailure when processing a mode 6 or mode 7 packet containing an\nunusually long data value where a network address was expected. This\ncould allow an authenticated attacker to crash ntpd.\n\nCVE-2015-7871\n\nAn error handling logic error exists within ntpd that manifests due to\nimproper error condition handling associated with certain crypto-NAK\npackets. An unauthenticated, off-path attacker can force ntpd\nprocesses on targeted servers to peer with time sources of the\nattacker's choosing by transmitting symmetric active crypto-NAK\npackets to ntpd. This attack bypasses the authentication typically\nrequired to establish a peer association and allows an attacker to\nmake arbitrary changes to system time.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/ntp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected ntp, ntp-doc, and ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"ntp\", reference:\"1:4.2.6.p2+dfsg-1+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p2+dfsg-1+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p2+dfsg-1+deb6u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:46", "description": "Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin id 102321).", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "AIX 5.3 TL 12 : ntp (IV79946) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2017-08-09T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV79946.NASL", "href": "https://www.tenable.com/plugins/nessus/88059", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory4.asc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2017/07/20. Deprecated by aix_ntp_v3_advisory8.nasl.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88059);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/20 0:18:51\");\n\n script_cve_id(\"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7850\", \"CVE-2015-7853\", \"CVE-2015-7855\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"AIX 5.3 TL 12 : ntp (IV79946) (deprecated)\");\n script_summary(english:\"Check for APAR IV79946\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Network Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by an error in the sntp program. By sending specially crafted\nNTP packets, a remote attacker from within the local network could\nexploit this vulnerability to cause the application to enter into an\ninfinite loop. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) could allow a remote\nattacker to obtain sensitive information, caused by a memory leak in\nCRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain\nsensitive information. Network Time Protocol (NTP) is vulnerable to a\ndenial of service, caused by an error in ntp_crypto.c. An attacker\ncould exploit this vulnerability using a packet containing an\nextension field with an invalid value for the length of its value\nfield to cause ntpd to crash. Network Time Protocol (NTP) is\nvulnerable to a denial of service, caused by an error in the remote\nconfiguration functionality. By sending a specially crafted\nconfiguration file, an attacker could exploit this vulnerability to\ncause the application to enter into an infinite loop. Network Time\nProtocol (NTP) is vulnerable to a buffer overflow, caused by improper\nbounds checking by the refclock of ntpd. By sending an overly long\nstring, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by ASSERT botch instead of returning FAIL on some invalid\nvalues by the decodenetnum() function. An attacker could exploit this\nvulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix\nsupersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin\nid 102321).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Use aix_ntp_v3_advisory4.nasl (plugin ID 102321) instead.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV79946s9a\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:09", "description": "The remote AIX host has a version of Network Time Protocol (NTP) installed that is affected by the following vulnerabilities :\n\n - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this, via crafted NTP packets, to crash ntpd.\n (CVE 2015-5219)\n\n - A flaw exists in the ntp_crypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to disclose sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey functionality due to a failure in the crypto_bob2(), crypto_bob3(), and cert_sign() functions to properly validate the 'vallen' value. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the crypto_recv() function in the file ntp_crypto.c related to autokey functionality. An unauthenticated, remote attacker can exploit this, via an ongoing flood of NTPv4 autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper validation of packets containing certain autokey operations. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7702)\n\n - A denial of service vulnerability exists due to a logic flaw in the authreadkeys() function in the file authreadkeys.c when handling extended logging where the log and key files are set to be the same file. An authenticated, remote attacker can exploit this, via a crafted set of remote configuration requests, to cause the NTP service to stop responding. (CVE-2015-7850)\n\n - A overflow condition exists in the read_refclock_packet() function in the file ntp_io.c when handling negative data lengths. A local attacker can exploit this to crash the NTP service or possibly gain elevated privileges. (CVE-2015-7853)\n\n - A denial of service vulnerability exists due to an assertion flaw in the decodenetnum() function in the file decodenetnum.c when handling long data values in mode 6 and 7 packets. An unauthenticated, remote attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)", "cvss3": {}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:ntp:ntp"], "id": "AIX_NTP_V3_ADVISORY4.NASL", "href": "https://www.tenable.com/plugins/nessus/102321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102321);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2015-5219\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7850\",\n \"CVE-2015-7853\",\n \"CVE-2015-7855\"\n );\n script_bugtraq_id(\n 76473,\n 77273,\n 77274,\n 77279,\n 77281,\n 77283,\n 77285,\n 77286\n );\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n script_xref(name:\"EDB-ID\", value:\"40840\");\n\n script_name(english:\"AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)\");\n script_summary(english:\"Checks the version of the ntp packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of NTP installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of Network Time Protocol (NTP)\ninstalled that is affected by the following vulnerabilities :\n\n - A divide-by-zero error exists in file include/ntp.h\n when handling LOGTOD and ULOGTOD macros in a crafted\n NTP packet. An unauthenticated, remote attacker can\n exploit this, via crafted NTP packets, to crash ntpd.\n (CVE 2015-5219)\n\n - A flaw exists in the ntp_crypto.c file due to improper\n validation of the 'vallen' value in extension fields. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted autokey packets, to disclose\n sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey\n functionality due to a failure in the crypto_bob2(),\n crypto_bob3(), and cert_sign() functions to properly\n validate the 'vallen' value. An unauthenticated, remote\n attacker can exploit this, via specially crafted autokey\n packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the\n crypto_recv() function in the file ntp_crypto.c related\n to autokey functionality. An unauthenticated, remote\n attacker can exploit this, via an ongoing flood of NTPv4\n autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper\n validation of packets containing certain autokey\n operations. An unauthenticated, remote attacker can\n exploit this, via specially crafted autokey packets,\n to crash the NTP service. (CVE-2015-7702)\n\n - A denial of service vulnerability exists due to a logic\n flaw in the authreadkeys() function in the file\n authreadkeys.c when handling extended logging where the\n log and key files are set to be the same file. An\n authenticated, remote attacker can exploit this, via a\n crafted set of remote configuration requests, to cause\n the NTP service to stop responding. (CVE-2015-7850)\n\n - A overflow condition exists in the\n read_refclock_packet() function in the file ntp_io.c\n when handling negative data lengths. A local attacker\n can exploit this to crash the NTP service or possibly\n gain elevated privileges. (CVE-2015-7853)\n\n - A denial of service vulnerability exists due to an\n assertion flaw in the decodenetnum() function in the\n file decodenetnum.c when handling long data values in\n mode 6 and 7 packets. An unauthenticated, remote\n attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevel = oslevel - \"AIX-\";\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nsp = oslevelparts[2];\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\naix_ntp_vulns = {\n \"5.3\": {\n \"12\": {\n \"09\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"5.3.12.0\",\n \"maxfilesetver\":\"5.3.12.10\",\n \"patch\":\"(IV79946s9a|IV84269m9a|IV87614m9a|IV92194m9a|IV96305m9a)\"\n }\n }\n }\n },\n \"6.1\": {\n \"09\": {\n \"06\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.101\",\n \"patch\":\"(IV79942s6a|IV83984m6a|IV87419m6a|IV91803m6a)\"\n }\n }\n }\n },\n \"7.1\": {\n \"03\": {\n \"05\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.45\",\n \"patch\":\"(IV79943s5b|IV83993m5a|IV87615m5a|IV92193m5a)\"\n }\n }\n },\n \"04\": {\n \"01\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.0\",\n \"patch\":\"(IV79944s1a|IV83994m1a|IV87420m0a|IV91951m3a)\"\n }\n }\n }\n },\n \"7.2\": {\n \"00\": {\n \"01\": {\n \"bos.net.tcp.ntp\": {\n \"minfilesetver\":\"7.2.0.0\",\n \"maxfilesetver\":\"7.2.0.0\",\n \"patch\":\"(IV79945s1a|IV83995m1a|IV87939m0b|IV92192m2a)\"\n },\n \"bos.net.tcp.ntpd\": {\n \"minfilesetver\":\"7.2.0.0\",\n \"maxfilesetver\":\"7.2.0.0\",\n \"patch\":\"(IV79945s1a|IV83995m1a|IV87939m0b|IV92192m2a)\"\n }\n }\n }\n }\n};\n\nversion_report = \"AIX \" + oslevel;\nif ( empty_or_null(aix_ntp_vulns[oslevel]) ) {\n os_options = join( sort( keys(aix_ntp_vulns) ), sep:' / ' );\n audit(AUDIT_OS_NOT, os_options, version_report);\n}\n\nversion_report = version_report + \" ML \" + ml;\nif ( empty_or_null(aix_ntp_vulns[oslevel][ml]) ) {\n ml_options = join( sort( keys(aix_ntp_vulns[oslevel]) ), sep:' / ' );\n audit(AUDIT_OS_NOT, \"ML \" + ml_options, version_report);\n}\n\nversion_report = version_report + \" SP \" + sp;\nif ( empty_or_null(aix_ntp_vulns[oslevel][ml][sp]) ) {\n sp_options = join( sort( keys(aix_ntp_vulns[oslevel][ml]) ), sep:' / ' );\n audit(AUDIT_OS_NOT, \"SP \" + sp_options, version_report);\n}\n\nforeach package ( keys(aix_ntp_vulns[oslevel][ml][sp]) ) {\n package_info = aix_ntp_vulns[oslevel][ml][sp][package];\n minfilesetver = package_info[\"minfilesetver\"];\n maxfilesetver = package_info[\"maxfilesetver\"];\n patch = package_info[\"patch\"];\n if (aix_check_ifix(release:oslevel, ml:ml, sp:sp, patch:patch, package:package, minfilesetver:minfilesetver, maxfilesetver:maxfilesetver) < 0) flag++;\n}\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.ntp / bos.net.tcp.ntpd / bos.net.tcp.client\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:46", "description": "Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin id 102321).", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 0 : ntp (IV79945) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2017-08-09T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IV79945.NASL", "href": "https://www.tenable.com/plugins/nessus/88058", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory4.asc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2017/07/20. Deprecated by aix_ntp_v3_advisory8.nasl.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88058);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/20 0:18:51\");\n\n script_cve_id(\"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7850\", \"CVE-2015-7853\", \"CVE-2015-7855\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"AIX 7.2 TL 0 : ntp (IV79945) (deprecated)\");\n script_summary(english:\"Check for APAR IV79945\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Network Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by an error in the sntp program. By sending specially crafted\nNTP packets, a remote attacker from within the local network could\nexploit this vulnerability to cause the application to enter into an\ninfinite loop. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) could allow a remote\nattacker to obtain sensitive information, caused by a memory leak in\nCRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain\nsensitive information. Network Time Protocol (NTP) is vulnerable to a\ndenial of service, caused by an error in ntp_crypto.c. An attacker\ncould exploit this vulnerability using a packet containing an\nextension field with an invalid value for the length of its value\nfield to cause ntpd to crash. Network Time Protocol (NTP) is\nvulnerable to a denial of service, caused by an error in the remote\nconfiguration functionality. By sending a specially crafted\nconfiguration file, an attacker could exploit this vulnerability to\ncause the application to enter into an infinite loop. Network Time\nProtocol (NTP) is vulnerable to a buffer overflow, caused by improper\nbounds checking by the refclock of ntpd. By sending an overly long\nstring, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by ASSERT botch instead of returning FAIL on some invalid\nvalues by the decodenetnum() function. An attacker could exploit this\nvulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix\nsupersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin\nid 102321).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Use aix_ntp_v3_advisory4.nasl (plugin ID 102321) instead.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"01\", patch:\"IV79945s1a\", package:\"bos.net.tcp.ntp\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"01\", patch:\"IV79945s1a\", package:\"bos.net.tcp.ntpd\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:53:58", "description": "Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : ntp-4.2.6p5-34.fc23 (2015-f5f5ec7b6b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-F5F5EC7B6B.NASL", "href": "https://www.tenable.com/plugins/nessus/89461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-f5f5ec7b6b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89461);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5300\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7704\", \"CVE-2015-7852\", \"CVE-2015-7871\");\n script_xref(name:\"FEDORA\", value:\"2015-f5f5ec7b6b\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Fedora 23 : ntp-4.2.6p5-34.fc23 (2015-f5f5ec7b6b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692,\nCVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852,\nCVE-2015-7701\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274265\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e14a9ad\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"ntp-4.2.6p5-34.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:17", "description": "Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin id 102321).", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 4 : ntp (IV79944) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2017-08-09T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV79944.NASL", "href": "https://www.tenable.com/plugins/nessus/88057", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory4.asc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2017/07/20. Deprecated by aix_ntp_v3_advisory8.nasl.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88057);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/20 0:18:51\");\n\n script_cve_id(\"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7850\", \"CVE-2015-7853\", \"CVE-2015-7855\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"AIX 7.1 TL 4 : ntp (IV79944) (deprecated)\");\n script_summary(english:\"Check for APAR IV79944\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Network Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by an error in the sntp program. By sending specially crafted\nNTP packets, a remote attacker from within the local network could\nexploit this vulnerability to cause the application to enter into an\ninfinite loop. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) could allow a remote\nattacker to obtain sensitive information, caused by a memory leak in\nCRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain\nsensitive information. Network Time Protocol (NTP) is vulnerable to a\ndenial of service, caused by an error in ntp_crypto.c. An attacker\ncould exploit this vulnerability using a packet containing an\nextension field with an invalid value for the length of its value\nfield to cause ntpd to crash. Network Time Protocol (NTP) is\nvulnerable to a denial of service, caused by an error in the remote\nconfiguration functionality. By sending a specially crafted\nconfiguration file, an attacker could exploit this vulnerability to\ncause the application to enter into an infinite loop. Network Time\nProtocol (NTP) is vulnerable to a buffer overflow, caused by improper\nbounds checking by the refclock of ntpd. By sending an overly long\nstring, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by ASSERT botch instead of returning FAIL on some invalid\nvalues by the decodenetnum() function. An attacker could exploit this\nvulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix\nsupersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin\nid 102321).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Use aix_ntp_v3_advisory4.nasl (plugin ID 102321) instead.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"01\", patch:\"IV79944s1a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:30", "description": "Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin id 102321).", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 9 : ntp (IV79942) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855"], "modified": "2017-08-09T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV79942.NASL", "href": "https://www.tenable.com/plugins/nessus/88055", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory4.asc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2017/08/09. Deprecated by aix_ntp_v3_advisory4.nasl.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88055);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/20 0:18:51\");\n\n script_cve_id(\"CVE-2015-5219\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7850\", \"CVE-2015-7853\", \"CVE-2015-7855\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"AIX 6.1 TL 9 : ntp (IV79942) (deprecated)\");\n script_summary(english:\"Check for APAR IV79942\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Network Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by an error in the sntp program. By sending specially crafted\nNTP packets, a remote attacker from within the local network could\nexploit this vulnerability to cause the application to enter into an\ninfinite loop. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial\nof service, caused by an error in ntp_crypto.c. An attacker could\nexploit this vulnerability using a packet containing an extension\nfield with an invalid value for the length of its value field to cause\nntpd to crash. Network Time Protocol (NTP) could allow a remote\nattacker to obtain sensitive information, caused by a memory leak in\nCRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain\nsensitive information. Network Time Protocol (NTP) is vulnerable to a\ndenial of service, caused by an error in ntp_crypto.c. An attacker\ncould exploit this vulnerability using a packet containing an\nextension field with an invalid value for the length of its value\nfield to cause ntpd to crash. Network Time Protocol (NTP) is\nvulnerable to a denial of service, caused by an error in the remote\nconfiguration functionality. By sending a specially crafted\nconfiguration file, an attacker could exploit this vulnerability to\ncause the application to enter into an infinite loop. Network Time\nProtocol (NTP) is vulnerable to a buffer overflow, caused by improper\nbounds checking by the refclock of ntpd. By sending an overly long\nstring, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\nNetwork Time Protocol (NTP) is vulnerable to a denial of service,\ncaused by ASSERT botch instead of returning FAIL on some invalid\nvalues by the decodenetnum() function. An attacker could exploit this\nvulnerability to cause a denial of service.\n\nThis plugin has been deprecated to better accommodate iFix\nsupersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin\nid 102321).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Use aix_ntp_v3_advisory4.nasl (plugin ID 102321) instead.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"06\", patch:\"IV79942s6a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.101\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:28:52", "description": "As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. (CVE-2015-5146)\n\nIt was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nIt was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\nIt was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g.\ntimingstats) is referenced by the statistics or filegen configuration command. (CVE-2015-5195)\n\nIt was discovered that sntp would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. (CVE-2015-5219)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)", "cvss3": {}, "published": "2015-09-03T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ntp (ALAS-2015-593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3405", "CVE-2015-5146", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7703"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntpdate", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-593.NASL", "href": "https://www.tenable.com/plugins/nessus/85751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-593.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85751);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-3405\", \"CVE-2015-5146\", \"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-7703\");\n script_xref(name:\"ALAS\", value:\"2015-593\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2015-593)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"As discussed upstream, a flaw was found in the way ntpd processed\ncertain remote configuration packets. Note that remote configuration\nis disabled by default in NTP. (CVE-2015-5146)\n\nIt was found that the :config command can be used to set the pidfile\nand driftfile paths without any restrictions. A remote attacker could\nuse this flaw to overwrite a file on the file system with a file\ncontaining the pid of the ntpd process (immediately) or the current\nestimated drift of the system clock (in hourly intervals).\n(CVE-2015-7703)\n\nIt was found that ntpd could crash due to an uninitialized variable\nwhen processing malformed logconfig configuration commands.\n(CVE-2015-5194)\n\nIt was found that ntpd exits with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g.\ntimingstats) is referenced by the statistics or filegen configuration\ncommand. (CVE-2015-5195)\n\nIt was discovered that sntp would hang in an infinite loop when a\ncrafted NTP packet was received, related to the conversion of the\nprecision value in the packet to double. (CVE-2015-5219)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\"\n );\n # http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1d497be\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-593.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-33.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-33.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-33.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-33.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-33.26.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:19:19", "description": "Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs :\n\n - CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if :\n\n - ntpd enabled remote configuration\n - The attacker had the knowledge of the configuration password\n\n - The attacker had access to a computer entrusted to perform remote configuration\n\n Note that remote configuration is disabled by default in NTP.\n\n - CVE-2015-5194 It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.\n\n - CVE-2015-5195 It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command.\n\n - CVE-2015-5219 It was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double.\n\n - CVE-2015-5300 It was found that ntpd did not correctly implement the\n -g option :\n\n Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options.\n\n ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. If a man-in-the-middle attacker can control the NTP traffic since ntpd was started (or maybe up to 15-30 minutes after that), they can prevent the client from reaching the sync state and force it to step its clock by any amount any number of times, which can be used by attackers to expire certificates, etc.\n\n This is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow.\n\n - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash.\n\n - CVE-2015-7701 A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory.\n\n - CVE-2015-7703 Miroslav Lichvar of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example :\n\n ntpq -c ':config pidfile /tmp/ntp.pid'ntpq -c ':config driftfile /tmp/ntp.drift'\n\n In Debian ntpd is configured to drop root privileges, which limits the impact of this issue.\n\n - CVE-2015-7704 If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. An off-path attacker can send a crafted KoD packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server.\n\n - CVE-2015-7850 An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a malicious configuration file to trigger this vulnerability.\n\n - CVE-2015-7852 A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds.\n\n - CVE-2015-7855 It was found that NTP's decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd.\n\n - CVE-2015-7871 An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time.", "cvss3": {}, "published": "2015-11-02T00:00:00", "type": "nessus", "title": "Debian DSA-3388-1 : ntp - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2014-9751", "CVE-2015-3405", "CVE-2015-5146", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7850", "CVE-2015-7852", "CVE-2015-7855", "CVE-2015-7871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ntp", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3388.NASL", "href": "https://www.tenable.com/plugins/nessus/86682", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3388. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86682);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-3405\", \"CVE-2015-5146\", \"CVE-2015-5194\", \"CVE-2015-5195\", \"CVE-2015-5219\", \"CVE-2015-5300\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7701\", \"CVE-2015-7702\", \"CVE-2015-7703\", \"CVE-2015-7704\", \"CVE-2015-7850\", \"CVE-2015-7852\", \"CVE-2015-7855\", \"CVE-2015-7871\");\n script_xref(name:\"DSA\", value:\"3388\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Debian DSA-3388-1 : ntp - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs :\n\n - CVE-2015-5146\n A flaw was found in the way ntpd processed certain\n remote configuration packets. An attacker could use a\n specially crafted package to cause ntpd to crash if :\n\n - ntpd enabled remote configuration\n - The attacker had the knowledge of the configuration\n password\n\n - The attacker had access to a computer entrusted to\n perform remote configuration\n\n Note that remote configuration is disabled by default\n in NTP.\n\n - CVE-2015-5194\n It was found that ntpd could crash due to an\n uninitialized variable when processing malformed\n logconfig configuration commands.\n\n - CVE-2015-5195\n It was found that ntpd exits with a segmentation fault\n when a statistics type that was not enabled during\n compilation (e.g. timingstats) is referenced by the\n statistics or filegen configuration command.\n\n - CVE-2015-5219\n It was discovered that sntp program would hang in an\n infinite loop when a crafted NTP packet was received,\n related to the conversion of the precision value in the\n packet to double.\n\n - CVE-2015-5300\n It was found that ntpd did not correctly implement the\n -g option :\n\n Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This option\n allows the time to be set to any value without restriction; however,\n this can happen only once. If the threshold is exceeded after that,\n ntpd will exit with a message to the system log. This option can be\n used with the -q and -x options.\n\n ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn't have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc.\n\n This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow.\n\n - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702\n It was found that the fix for CVE-2014-9750 was\n incomplete: three issues were found in the value length\n checks in ntp_crypto.c, where a packet with particular\n autokey operations that contained malicious data was not\n always being completely validated. Receipt of these\n packets can cause ntpd to crash.\n\n - CVE-2015-7701\n A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If\n ntpd is configured to use autokey authentication, an\n attacker could send packets to ntpd that would, after\n several days of ongoing attack, cause it to run out of\n memory.\n\n - CVE-2015-7703\n Miroslav Lichvar of Red Hat found that the :config\n command can be used to set the pidfile and driftfile\n paths without any restrictions. A remote attacker could\n use this flaw to overwrite a file on the file system\n with a file containing the pid of the ntpd process\n (immediately) or the current estimated drift of the\n system clock (in hourly intervals). For example :\n\n ntpq -c ':config pidfile /tmp/ntp.pid'ntpq -c ':config driftfile\n /tmp/ntp.drift'\n\n In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue.\n\n - CVE-2015-7704\n If ntpd as an NTP client receives a Kiss-of-Death (KoD)\n packet from the server to reduce its polling rate, it\n doesn't check if the originate timestamp in the reply\n matches the transmit timestamp from its request. An\n off-path attacker can send a crafted KoD packet to the\n client, which will increase the client's polling\n interval to a large value and effectively disable\n synchronization with the server.\n\n - CVE-2015-7850\n An exploitable denial of service vulnerability exists in\n the remote configuration functionality of the Network\n Time Protocol. A specially crafted configuration file\n could cause an endless loop resulting in a denial of\n service. An attacker could provide a malicious\n configuration file to trigger this vulnerability.\n\n - CVE-2015-7852\n A potential off by one vulnerability exists in the\n cookedprint functionality of ntpq. A specially crafted\n buffer could cause a buffer overflow potentially\n resulting in null byte being written out of bounds.\n\n - CVE-2015-7855\n It was found that NTP's decodenetnum() would abort with\n an assertion failure when processing a mode 6 or mode 7\n packet containing an unusually long data value where a\n network address was expected. This could allow an\n authenticated attacker to crash ntpd.\n\n - CVE-2015-7871\n An error handling logic error exists within ntpd that\n manifests due to improper error condition handling\n associated with certain crypto-NAK packets. An\n unauthenticated, off-path attacker can force ntpd\n processes on targeted servers to peer with time sources\n of the attacker's choosing by transmitting symmetric\n active crypto-NAK packets to ntpd. This attack bypasses\n the authentication typically required to establish a\n peer association and allows an attacker to make\n arbitrary changes to system time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-5146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-5194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-5195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-5219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-5300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/ntp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ntp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the ntp packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1:4.2.6.p5+dfsg-2+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-7+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ntp\", reference:\"1:4.2.6.p5+dfsg-2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p5+dfsg-2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p5+dfsg-2+deb7u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ntp\", reference:\"1:4.2.6.p5+dfsg-7+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p5+dfsg-7+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p5+dfsg-7+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:30:33", "description": "CVE-2015-7691\n\nThe crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.\n\nCVE-2015-7692 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.\n\nCVE-2015-7702 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.\n\nImpact\n\nAn attacker may be able to craft a packet with particular autokey operations that upon receipt can cause ntpd to stop responding.", "cvss3": {}, "published": "2015-11-06T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : NTP vulnerabilities (K17530)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7702"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL17530.NASL", "href": "https://www.tenable.com/plugins/nessus/86773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17530.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86773);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2014-9750\", \"CVE-2015-7691\", \"CVE-2015-7692\", \"CVE-2015-7702\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"F5 Networks BIG-IP : NTP vulnerabilities (K17530)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-7691\n\nThe crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and\n4.3.x before 4.3.77 allows remote attackers to cause a denial of\nservice (crash) via crafted packets containing particular autokey\noperations. NOTE: This vulnerability exists due to an incomplete fix\nfor CVE-2014-9750.\n\nCVE-2015-7692 The crypto_xmit function in ntpd in NTP 4.2.x before\n4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a\ndenial of service (crash). NOTE: This vulnerability exists due to an\nincomplete fix for CVE-2014-9750.\n\nCVE-2015-7702 The crypto_xmit function in ntpd in NTP 4.2.x before\n4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a\ndenial of service (crash). NOTE: This vulnerability exists due to an\nincomplete fix for CVE-2014-9750.\n\nImpact\n\nAn attacker may be able to craft a packet with particular autokey\noperations that upon receipt can cause ntpd to stop responding.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17530.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17530\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.3.0-11.5.3HF1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.4.0-11.5.3HF1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.0.0-11.5.3HF1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.0.0-11.5.3HF1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.0.0-11.5.3HF1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.0.0-11.5.3HF1\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.0.0-11.5.3HF1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.0.0-11.5.3HF1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.6.0-11.6.0HF5\",\"11.3.0-11.5.3HF1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:56", "description": "Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics types. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file paths. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or overwrite certain files. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. A remote attacker could possibly use this issue to cause NTP to hang, resulting in a denial of service. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. A remote attacker could possibly use this issue to alter the system time on clients. (CVE-2015-5300)\n\nIt was discovered that NTP incorrectly handled autokey data packets. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing certain autokey messages. A remote attacker could possibly use this issue to cause NTP to consume memory, resulting in a denial of service. (CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock.\n(CVE-2015-7704, CVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)\n\nJohn D 'Doug' Birdwell discovered that NTP incorrectly handled decoding certain bogus values. An attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service.\n(CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association authentication. A remote attacker could use this issue to possibly bypass authentication and alter the system clock.\n(CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP AppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-28T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2783-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5146", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7705", "CVE-2015-7850", "CVE-2015-7852", "CVE-2015-7853", "CVE-2015-7855", "CVE-2015-7871"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ntp", "p-cpe:/a:canonical:ubuntu_linux:ntpdate", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-2783-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2783-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86630);\n script_version(\"2.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2015-5146\",\n \"CVE-2015-5194\",\n \"CVE-2015-5195\",\n \"CVE-2015-5196\",\n \"CVE-2015-5219\",\n \"CVE-2015-5300\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7703\",\n \"CVE-2015-7704\",\n \"CVE-2015-7705\",\n \"CVE-2015-7850\",\n \"CVE-2015-7852\",\n \"CVE-2015-7853\",\n \"CVE-2015-7855\",\n \"CVE-2015-7871\"\n );\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n script_xref(name:\"USN\", value:\"2783-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2783-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Aleksis Kauppinen discovered that NTP incorrectly handled certain\nremote config packets. In a non-default configuration, a remote\nauthenticated attacker could possibly use this issue to cause NTP to\ncrash, resulting in a denial of service. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. In a non-default configuration, a remote authenticated\nattacker could possibly use this issue to cause NTP to crash,\nresulting in a denial of service. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\nstatistics types. In a non-default configuration, a remote\nauthenticated attacker could possibly use this issue to cause NTP to\ncrash, resulting in a denial of service. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. In a non-default configuration, a remote authenticated attacker\ncould possibly use this issue to cause NTP to crash, resulting in a\ndenial of service, or overwrite certain files. (CVE-2015-5196,\nCVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\npackets. A remote attacker could possibly use this issue to cause NTP\nto hang, resulting in a denial of service. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that\nNTP incorrectly handled restarting after hitting a panic threshold. A\nremote attacker could possibly use this issue to alter the system time\non clients. (CVE-2015-5300)\n\nIt was discovered that NTP incorrectly handled autokey data packets. A\nremote attacker could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. A remote attacker could possibly use this\nissue to cause NTP to consume memory, resulting in a denial of\nservice. (CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that\nNTP incorrectly handled rate limiting. A remote attacker could\npossibly use this issue to cause clients to stop updating their clock.\n(CVE-2015-7704, CVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and\nkeyfile directives. In a non-default configuration, a remote\nauthenticated attacker could possibly use this issue to cause NTP to\nenter a loop, resulting in a denial of service. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly\nhandled ascii conversion. A remote attacker could possibly use this\nissue to cause NTP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock\nmemory. A malicious refclock could possibly use this issue to cause\nNTP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-7853)\n\nJohn D 'Doug' Birdwell discovered that NTP incorrectly handled\ndecoding certain bogus values. An attacker could possibly use this\nissue to cause NTP to crash, resulting in a denial of service.\n(CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric\nassociation authentication. A remote attacker could use this issue to\npossibly bypass authentication and alter the system clock.\n(CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-2783-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ntp and / or ntpdate packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2023 Canonical, Inc. / NASL script (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'ntp', 'pkgver': '1:4.2.6.p5+dfsg-3ubuntu2.14.04.5'},\n {'osver': '14.04', 'pkgname': 'ntpdate', 'pkgver': '1:4.2.6.p5+dfsg-3ubuntu2.14.04.5'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ntp / ntpdate');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:59:52", "description": "An update for openssh is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nSecurity Fix(es) :\n\n* It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-5352)\n\n* A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)\n\n* A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)\n\n* An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "RHEL 6 : openssh (RHSA-2016:0741)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-1908"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssh-ldap", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0741.NASL", "href": "https://www.tenable.com/plugins/nessus/91073", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0741. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91073);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2016-1908\");\n script_xref(name:\"RHSA\", value:\"2016:0741\");\n\n script_name(english:\"RHEL 6 : openssh (RHSA-2016:0741)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssh is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of\nLinux, UNIX, and similar operating systems. It includes the core files\nnecessary for both the OpenSSH client and server.\n\nSecurity Fix(es) :\n\n* It was found that the OpenSSH client did not properly enforce the\nForwardX11Timeout setting. A malicious or compromised remote X\napplication could possibly use this flaw to establish a trusted\nconnection to the local X server, even if only untrusted X11\nforwarding was requested. (CVE-2015-5352)\n\n* A flaw was found in the way OpenSSH handled PAM authentication when\nusing privilege separation. An attacker with valid credentials on the\nsystem and able to fully compromise a non-privileged\npre-authentication process using a different flaw could use this flaw\nto authenticate as other users. (CVE-2015-6563)\n\n* A use-after-free flaw was found in OpenSSH. An attacker able to\nfully compromise a non-privileged pre-authentication process using a\ndifferent flaw could possibly cause sshd to crash or execute arbitrary\ncode with root privileges. (CVE-2015-6564)\n\n* An access flaw was discovered in OpenSSH; the OpenSSH client did not\ncorrectly handle failures to generate authentication cookies for\nuntrusted X11 forwarding. A malicious or compromised remote X\napplication could possibly use this flaw to establish a trusted\nconnection to the local X server, even if only untrusted X11\nforwarding was requested. (CVE-2016-1908)\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1908\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0741\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-askpass-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-askpass-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-askpass-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-clients-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-clients-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-clients-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssh-debuginfo-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-ldap-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-ldap-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-ldap-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-server-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-server-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-server-5.3p1-117.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"pam_ssh_agent_auth-0.9.3-117.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:01:53", "description": "Security Fix(es) :\n\n - It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-5352)\n\n - A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)\n\n - A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)\n\n - An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)", "cvss3": {}, "published": "2016-06-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-1908"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssh", "p-cpe:/a:fermilab:scientific_linux:openssh-askpass", "p-cpe:/a:fermilab:scientific_linux:openssh-clients", "p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssh-ldap", "p-cpe:/a:fermilab:scientific_linux:openssh-server", "p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160510_OPENSSH_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91540);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2016-1908\");\n\n script_name(english:\"Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160510)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the OpenSSH client did not properly\n enforce the ForwardX11Timeout setting. A malicious or\n compromised remote X application could possibly use this\n flaw to establish a trusted connection to the local X\n server, even if only untrusted X11 forwarding was\n requested. (CVE-2015-5352)\n\n - A flaw was found in the way OpenSSH handled PAM\n authentication when using privilege separation. An\n attacker with valid credentials on the system and able\n to fully compromise a non-privileged pre-authentication\n process using a different flaw could use this flaw to\n authenticate as other users. (CVE-2015-6563)\n\n - A use-after-free flaw was found in OpenSSH. An attacker\n able to fully compromise a non-privileged\n pre-authentication process using a different flaw could\n possibly cause sshd to crash or execute arbitrary code\n with root privileges. (CVE-2015-6564)\n\n - An access flaw was discovered in OpenSSH; the OpenSSH\n client did not correctly handle failures to generate\n authentication cookies for untrusted X11 forwarding. A\n malicious or compromised remote X application could\n possibly use this flaw to establish a trusted connection\n to the local X server, even if only untrusted X11\n forwarding was requested. (CVE-2016-1908)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=2911\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0986a929\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssh-5.3p1-117.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-askpass-5.3p1-117.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-clients-5.3p1-117.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-debuginfo-5.3p1-117.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-ldap-5.3p1-117.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-server-5.3p1-117.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pam_ssh_agent_auth-0.9.3-117.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:33", "description": "The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4.\nIt is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the ntp_crypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to disclose sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey functionality due to a failure in the crypto_bob2(), crypto_bob3(), and cert_sign() functions to properly validate the 'vallen' value. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the crypto_recv() function in the file ntp_crypto.c related to autokey functionality. An unauthenticated, remote attacker can exploit this, via an ongoing flood of NTPv4 autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper validation of packets containing certain autokey operations. An unauthenticated, remote attacker can exploit this, via specially crafted autokey packets, to crash the NTP service. (CVE-2015-7702)\n\n - A flaw exists related to the handling of the 'config:' command. An authenticated, remote attacker can exploit this to set the 'pidfile' and 'driftfile' directives without restrictions, thus allowing the attacker to overwrite arbitrary files. Note that exploitation of this issue requires that remote configuration is enabled for ntpd. (CVE-2015-7703)\n\n - A denial of service vulnerability exists due improper validation of the origin timestamp when handling Kiss-of-Death (KoD) packets. An unauthenticated, remote attacker can exploit this to stop the client from querying its servers, preventing it from updating its clock. (CVE-2015-7704)\n\n - A denial of service vulnerability exists due to improper implementation of rate-limiting when handling server queries. An unauthenticated, remote attacker can exploit this to stop the client from querying its servers, preventing it from updating its clock. (CVE-2015-7705)\n\n - A denial of service vulnerability exists due to an integer overflow condition in the reset_peer() function in the file ntp_request.c when handling private mode packets having request code RESET_PEER (0x16). An authenticated, remote attacker can exploit this to crash the NTP service. Note that exploitation of this issue requires that ntpd is configured to enable mode 7 packets, and that the mode 7 packets are not properly protected by available authentication and restriction mechanisms. (CVE-2015-7848)\n\n - A use-after-free error exists in the auth_delkeys() function in the file authkeys.c when handling trusted keys. An authenticated, remote attacker can exploit this to dereference already freed memory, resulting in a crash of the NTP service or the execution of arbitrary code. (CVE-2015-7849)\n\n - A denial of service vulnerability exists due to a logic flaw in the authreadkeys() function in the file authreadkeys.c when handling extended logging where the log and key files are set to be the same file. An authenticated, remote attacker can exploit this, via a crafted set of remote configuration requests, to cause the NTP service to stop responding. (CVE-2015-7850)\n\n - A flaw exists in the save_config() function in the file ntp_control.c due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this issue, via a crafted set of configuration requests, to overwrite arbitrary files.\n Note that this issue only affects VMS systems and requires that ntpd is configured to allow remote configuration. (CVE-2015-7851)\n\n - A denial of service vulnerability exists due to an off-by-one overflow condition in the cookedprint() function in the file ntpq.c when handling mode 6 response packets. An unauthenticated, remote attacker can exploit this to crash the NTP service.\n (CVE-2015-7852)\n\n - A overflow condition exists in the read_refclock_packet() function in the file ntp_io.c when handling negative data lengths. A local attacker can exploit this to crash the NTP service or possibly gain elevated privileges. (CVE-2015-7853)\n\n - A heap-based overflow condition exists in function MD5auth_setkey() in the file authkeys.c when handling passwords. An authenticated, remote attacker can exploit this, via a crafted set of configuration requests, to crash the NTP service or possibly execute arbitrary code. (CVE-2015-7854)\n\n - A denial of service vulnerability exists due to an assertion flaw in the decodenetnum() function in the file decodenetnum.c when handling long data values in mode 6 and 7 packets. An unauthenticated, remote attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)\n\n - An authentication bypass vulnerability exists in the receive() function in the file ntp_proto.c when handling crypto-NAK packets. An unauthenticated, remote attacker can exploit this to cause the service to accept time from unauthenticated, ephemeral symmetric peers.\n (CVE-2015-7871)", "cvss3": {}, "published": "2015-10-28T00:00:00", "type": "nessus", "title": "Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7705", "CVE-2015-7848", "CVE-2015-7849", "CVE-2015-7850", "CVE-2015-7851", "CVE-2015-7852", "CVE-2015-7853", "CVE-2015-7854", "CVE-2015-7855", "CVE-2015-7871"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:ntp:ntp"], "id": "NTP_4_2_8P4.NASL", "href": "https://www.tenable.com/plugins/nessus/86631", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86631);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5194\",\n \"CVE-2015-5195\",\n \"CVE-2015-5219\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7703\",\n \"CVE-2015-7704\",\n \"CVE-2015-7705\",\n \"CVE-2015-7848\",\n \"CVE-2015-7849\",\n \"CVE-2015-7850\",\n \"CVE-2015-7851\",\n \"CVE-2015-7852\",\n \"CVE-2015-7853\",\n \"CVE-2015-7854\",\n \"CVE-2015-7855\",\n \"CVE-2015-7871\"\n );\n script_bugtraq_id(\n 77273,\n 77274,\n 77275,\n 77276,\n 77277,\n 77278,\n 77279,\n 77280,\n 77281,\n 77282,\n 77283,\n 77284,\n 77285,\n 77286,\n 77287,\n 77288\n );\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for a vulnerable NTP server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NTP server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4.\nIt is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the ntp_crypto.c file due to improper\n validation of the 'vallen' value in extension fields. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted autokey packets, to disclose\n sensitive information or cause a denial of service.\n (CVE-2015-7691)\n\n - A denial of service vulnerability exists in the autokey\n functionality due to a failure in the crypto_bob2(),\n crypto_bob3(), and cert_sign() functions to properly\n validate the 'vallen' value. An unauthenticated, remote\n attacker can exploit this, via specially crafted autokey\n packets, to crash the NTP service. (CVE-2015-7692)\n\n - A denial of service vulnerability exists in the\n crypto_recv() function in the file ntp_crypto.c related\n to autokey functionality. An unauthenticated, remote\n attacker can exploit this, via an ongoing flood of NTPv4\n autokey requests, to exhaust memory resources.\n (CVE-2015-7701)\n\n - A denial of service vulnerability exists due to improper\n validation of packets containing certain autokey\n operations. An unauthenticated, remote attacker can\n exploit this, via specially crafted autokey packets,\n to crash the NTP service. (CVE-2015-7702)\n\n - A flaw exists related to the handling of the 'config:'\n command. An authenticated, remote attacker can exploit\n this to set the 'pidfile' and 'driftfile' directives\n without restrictions, thus allowing the attacker to\n overwrite arbitrary files. Note that exploitation of\n this issue requires that remote configuration is enabled\n for ntpd. (CVE-2015-7703)\n\n - A denial of service vulnerability exists due improper\n validation of the origin timestamp when handling\n Kiss-of-Death (KoD) packets. An unauthenticated, remote\n attacker can exploit this to stop the client from\n querying its servers, preventing it from updating its\n clock. (CVE-2015-7704)\n\n - A denial of service vulnerability exists due to improper\n implementation of rate-limiting when handling server\n queries. An unauthenticated, remote attacker can exploit\n this to stop the client from querying its servers,\n preventing it from updating its clock. (CVE-2015-7705)\n\n - A denial of service vulnerability exists due to an\n integer overflow condition in the reset_peer() function\n in the file ntp_request.c when handling private mode\n packets having request code RESET_PEER (0x16). An\n authenticated, remote attacker can exploit this to crash\n the NTP service. Note that exploitation of this issue\n requires that ntpd is configured to enable mode 7\n packets, and that the mode 7 packets are not properly\n protected by available authentication and restriction\n mechanisms. (CVE-2015-7848)\n\n - A use-after-free error exists in the auth_delkeys()\n function in the file authkeys.c when handling trusted\n keys. An authenticated, remote attacker can exploit this\n to dereference already freed memory, resulting in a\n crash of the NTP service or the execution of arbitrary\n code. (CVE-2015-7849)\n\n - A denial of service vulnerability exists due to a logic\n flaw in the authreadkeys() function in the file\n authreadkeys.c when handling extended logging where the\n log and key files are set to be the same file. An\n authenticated, remote attacker can exploit this, via a\n crafted set of remote configuration requests, to cause\n the NTP service to stop responding. (CVE-2015-7850)\n\n - A flaw exists in the save_config() function in the file\n ntp_control.c due to improper sanitization of\n user-supplied input. An authenticated, remote attacker\n can exploit this issue, via a crafted set of\n configuration requests, to overwrite arbitrary files.\n Note that this issue only affects VMS systems and\n requires that ntpd is configured to allow remote\n configuration. (CVE-2015-7851)\n\n - A denial of service vulnerability exists due to an\n off-by-one overflow condition in the cookedprint()\n function in the file ntpq.c when handling mode 6\n response packets. An unauthenticated, remote attacker\n can exploit this to crash the NTP service.\n (CVE-2015-7852)\n\n - A overflow condition exists in the\n read_refclock_packet() function in the file ntp_io.c\n when handling negative data lengths. A local attacker\n can exploit this to crash the NTP service or possibly\n gain elevated privileges. (CVE-2015-7853)\n\n - A heap-based overflow condition exists in function\n MD5auth_setkey() in the file authkeys.c when handling\n passwords. An authenticated, remote attacker can exploit\n this, via a crafted set of configuration requests, to\n crash the NTP service or possibly execute arbitrary\n code. (CVE-2015-7854)\n\n - A denial of service vulnerability exists due to an\n assertion flaw in the decodenetnum() function in the\n file decodenetnum.c when handling long data values in\n mode 6 and 7 packets. An unauthenticated, remote\n attacker can exploit this to crash the NTP service.\n (CVE-2015-7855)\n\n - An authentication bypass vulnerability exists in the\n receive() function in the file ntp_proto.c when handling\n crypto-NAK packets. An unauthenticated, remote attacker\n can exploit this to cause the service to accept time\n from unauthenticated, ephemeral symmetric peers.\n (CVE-2015-7871)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2015-04\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/SecurityNotice\");\n # http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?08d2ada0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to NTP version 4.2.8p4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/28\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ntp_open.nasl\");\n script_require_keys(\"NTP/Running\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Make sure NTP server is running\nget_kb_item_or_exit('NTP/Running');\n\napp_name = \"NTP Server\";\n\nport = get_kb_item(\"Services/udp/ntp\");\nif (!port) port = 123;\n\nversion = get_kb_item_or_exit(\"Services/ntp/version\");\nif (version == 'unknown') audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\nmatch = pregmatch(string:version, pattern:\"([0-9a-z.]+)\");\nif (isnull(match) || empty_or_null(match[1])) audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\n# Paranoia check\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = match[1];\nverfields = split(ver, sep:\".\", keep:FALSE);\nmajor = int(verfields[0]);\nminor = int(verfields[1]);\nif ('p' >< verfields[2])\n{\n revpatch = split(verfields[2], sep:\"p\", keep:FALSE);\n rev = int(revpatch[0]);\n patch = int(revpatch[1]);\n}\nelse\n{\n rev = verfields[2];\n patch = 0;\n}\n\n# This vulnerability affects NTP 3.x / 4.x < 4.2.8p4\nif (\n (major < 4 && major >= 3) ||\n (major == 4 && minor < 2) ||\n (major == 4 && minor == 2 && rev < 8) ||\n (major == 4 && minor == 2 && rev == 8 && patch < 4)\n)\n{\n fix = \"4.2.8p4\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nreport =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\nsecurity_report_v4(\n port : port,\n proto : \"udp\",\n extra : report,\n severity : SECURITY_HOLE\n);\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:52", "description": "It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704)\n\nIt was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value.\n(CVE-2015-5300)\n\nIt was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. (CVE-2015-7691 , CVE-2015-7692 , CVE-2015-7702)\n\nA potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. (CVE-2015-7852)\n\nA memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)", "cvss3": {}, "published": "2015-10-29T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ntp (ALAS-2015-607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9750", "CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7871"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "p-cpe:/a:amazon:linux:ntp-doc", "p-