## Summary
There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance.
## Vulnerability Details
**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)
**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the "-OQ" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)
**DESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)
**DESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service.
CVSS Base Score: 6.4
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98562>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)
**CVEID:** [_CVE-2014-8121_](<https://vulners.com/cve/CVE-2014-8121>)
**DESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102652_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102652>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)
**DESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)
**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)
**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)
**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process.
CVSS Base Score: 5.4
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)
**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)
**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization.
CVSS Base Score: 5.4
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)
**CVEID:** [_CVE-2015-1819_](<https://vulners.com/cve/CVE-2015-1819>)
**DESCRIPTION:** Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML data. A remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107272_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107272>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [_CVE-2015-2017_](<https://vulners.com/cve/CVE-2015-2017>)
**DESCRIPTION:** The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103991_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103991>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [_CVE-2015-2730_](<https://vulners.com/cve/CVE-2015-2730>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle certain exceptional cases by the Elliptic Curve Cryptography (ECC) multiplication for Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation in Network Security Services (NSS). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to forge signatures.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104386_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104386>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)
**DESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102888>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)
**DESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users.
CVSS Base Score: 5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102878>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [_CVE-2015-3238_](<https://vulners.com/cve/CVE-2015-3238>)
**DESCRIPTION:** Linux-PAM could allow a local attacker to obtain sensitive information, caused by an error in the _unix_run_helper_binary function in the pam_unix module. An attacker could exploit this vulnerability using an overly large password to enumerate usernames and cause the system to hang.
CVSS Base Score: 5.1
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106368_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106368>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)
**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [_CVE-2015-7450_](<https://vulners.com/cve/CVE-2015-7450>)
**DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107918_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107918>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
IBM Security Identity Manager Virtual Appliance versions 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3
## Remediation/Fixes
Ensure that the version listed below is installed on the system.
Product Version| Fix level
---|---
IBM Security Identity Manager (ISIM) Virtual Appliance releases 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3| Apply the following: IBM Security Identity Manager (ISIM) 7.0.1 release [7.0.1-ISS-SIM-FP0000](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Identity+Manager&release=7.0.1&platform=All&function=all>)
## Workarounds and Mitigations
None
"62B974206EFD5A5DB865253735D94F36D4ACA06DE2DC5AD682A161C886A14B45", "62D0C5029A2EB3B354943CD5E9012311F875BACCD6A1D9F54159F910BD37F9CA", "63DAED287E5E589CB66DEE42D6AD62CBADA57BF5A22C757E4A6252674CC1D266", "6559F0CE591F2B86C01EEB6FF244DC5653DD25B4B8DF6FCA3F4C736102182FF9", "65DB2DF1E5DFCD77CCBBB618503600B226ECB723619232D76182A80D58890F9D", "689070AB4C011A979BBA5848242A400944D849D04225B611EB1D2B6DEFE03427", "69F13C4B496564967533BFCD59F0E0A7DC2B176EFF6845513A33832E68841935", "6B90E63F56044D7852A73ED9C273A429EB3E85A179D0901F9DD542EC74189D83", "6C099EB2D7A6A7FB08F677C5022E99A80942C8B6F6F4DD59D6C967A34499E8CB", "6C19A1B08B7A9D998D6C90A501C2F7B1B2E4E3D475CB6FE4716A08A83906C223", "6E142852D8578EFF0FFB850451F8784B6C1F52CF6277D449EF09B2E7015902D3", "7046138B9599A1C4F494C484A9BB676F47CE5DB50FD7EC9400CB6F191317A8B0", "705280D237DEDB26D3D68396BC2097819ADC8127D93D08AF8CFC027E9A703179", "709E27E3685930B945F2FBC357A30EA55914B7F6AA51DED371226AB763C07085", "7196C8D1335ADFCDC76659DB37704C37F43BFC5EAAC5070B6B965CB49E2ED826", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "75FBC99F16C88B1504B48FA2439543EF4EB7781607D6FBD77B50EA9DDDB94345", "76A7E7DAF9C149B8FD66E19139F6112A525F103DF32693A1F4D43F31321E1A1E", "76E57CEF5B52280F24F03546152B520C29370EE8F65604719A437DFC5B9D68FF", "77E4E1DA195A2142CE6FAE8E0103BFF102ED3CC6A7AF12809B16F51B400704FC", "789948D6E2D3214CF6D14873F1BE91C91BC7007F1ACE3F9DD9D9CBFBB98592A9", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "7A9325A3A31DA6075D430BD9972B87037EACC19F9E8A6BECE8F05FDEEF567CEB", "7ADA99C6F6CBC1C4CB732F884DB11AD6B5BB2132DE3162727948C9DEE857DEB3", "7AE79CBB38C9B30F603A5F44A9B8F142162D6B14888148AC3503AD993B81C776", "7B3AC56328D3147E79BEC5737ADB41C519A985674FD8C6C608CC27164A464E84", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E1AD56C932EE6022D560B647F3D701B90E917C8D245F2619F30EAFAE93014A2", "809F5AD19D82DDE015FBA6CB7ACAAA96ACC02BD1EAAAF1214E7039785A1431E8", 
"824E537DD314DA72866A8405781D328166B8D8F77550C925EC957FB68C2CB1CA", "8287275EEC72C6CC4E80477CA04131224FEE84C5F897F0E0579443793E0C38AF", "8289D17EB8553CDBF95B02E0E5986836FBD1EE0BBA844DA092441B7F298B4BAB", "82BCFC54948E77B12B2E8950E4E4D79F92D38C8C709CD6378AB63A2EBB0EA8C1", "82F246436CF20352218C8642378C24F0FC172BB533B032A084E47DAC4081E232", "842AA4D3168931006C05FFF54B0EA436F2CF6E10D76F87FCD72C3D78D4D077DF", "845F645C756E501D515D3D79A4AFDD9B71567E0F6FAC37814BC4092FE127BE92", "84ADA1A0F9193EF446D20A2AE6CBA8AD78BD934525DE84341357005D9E20113E", "85F8CEB9FBF0665A612A1C0786835111FCF17D8DBCCD53EC324BA4575F2A2DCE", "86049AD5B728A475ACFB48AEFA39FBAE662CCDAA8014795312D69A9E860527D2", "865491A8AE45D8889B4A4B68C631AF51173BD6FAC1388EA03C0A94F22F2C9462", "87366B40E9156D7447CB2456B21C8ABF70E610637C7BE9F93FC7DAE990860D03", "880AB99222EFB79E8E559C7DB054B801F32A7AD70467C5F74F036A63FF207BFB", "89257A9062FB5478B817FD1D0B21510D31D1A39427F3EFCD4545A41253582842", "89C04AFBD9A3924C8C42B82F83CBF99C009E0A28881AA5D3B9CB9AEBBE832E36", "8A9198697F8388FC75E2DA73A2811AC8903D8787718F479A630B9674D8C0DC03", "8B09C9492941B8B6C6FB844862484437C6E439C77EC2B6E2EA1BC5C87B890DBB", "8DA45802500978D0261A717562F9399871A609DCB465C01C4F0DD3687651EDC1", "907D422E64306B77CE4FC8F237994BB7A9BE500E8F53773E33B3C6A72CB4F50D", "93CFD3EE6FB14B2E9F4C3B99F88919EF97E06B499E95C94D16E7F6DEB2FB97F9", "94ADF9C910A362467000D0DD8590BD5C24E2AED265E1E3B9AB7A109A4D0AF94F", "95197CBE86632E54219C0C8A24673D63826A01DE30AD9A4149DAC0247F5B9DBC", "9A0B377B539E9EB3DEAE72601B316AC39529FEB48D77BA9C2660AD88E7DF662B", "9AE27752CE61B7806165EEC477048C9431337F2A610460AB42D12020D03EF964", "9BEF3E43A2C3D72D84C688E56817CE2AFF469FAC1A6716F033C3D20F35292C58", "9DFC2FCC86D366189BAC4DC700FCD29A73CA2919AECE1B980522C1A20CB5F255", "9E20D1855575208AB10D7A37A8F732F5FB0995B4D096646EBC735EE1706B18C6", "9E3FCEB3C8DC76AD3152DBCC2EFEFAB5F229FFCEF4CF1D756D45190726CF3D0D", "A13BB150C6BB8809E811442A523AB48D9D44BEEB35C9B778D53A7CE8ECC1481E", 
"A4A4F68247E34060CF99010985E8950767AA036049D18C92754BC1F861E71488", "A58920C51844C3EB0D56077CF21717B6E79B3F6C399A997734F99352AA86099F", "A6B089124F750729C2A5DCFDD551701AB74968E1A86A4C4BE83273F5F8E1BE38", "A844D400C43BB25C5E4644AB662F0AC68F634A04AC41A95A103DB9D4334B70E7", "A89942FAB58AC82EB0C1EA7C23CD9F0CA0E09BB7B7B61D1626F11029ADDD61BC", "AB17D322C4BB2B46D442D900C498EC353D5CA49885073C855E7528ADFFD7BEB0", "AB26E204169707DA3126CC68A6AF33EADC57E5A0CC82BD87A87FF5CDF3DB880C", "AC33843924B6A7415E2B5520B228A4C48ECE79D3ED971F29EAFD5A574C45E7BF", "AC54A5DAFA15D91044EA9FE6159829752BCD0E35D53719860B2A80D7AB2DBBA9", "AD57A93B6B7D4D0AF4F5000F0C9C724E997D89E4C87F32B1C0F08EF41F3BF2A9", "AE4606DD56969369C30E608307B872A2C7644486FFE160A5DED866AB76BC36BD", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B0B378D6DF228508C555CD15A899025E142FE0A9E7466DB0FDE01B1B5DC8C8C4", "B45ABED8BD58C33A07263A55AF5D4FCACA1D1D4D41B9076C9B3E26F4C663C536", "B5A4752DEAC88A10534CF854A6438BA18AC67F5CDDB7CA2AB8AC51A08FEAAF08", "B5B9D3BBEFAC11221B99FB07BB832894334EF0A973E8B7C0B7874A84B5D7AB26", "B61AB1D0CA790E1ACAC9798122DF79FFCF9B8B2580CDC33E702C953B7EF6B140", "B634FF2E7FC1F3330432FBCA9743C474852276C64003951811F2A870EB1D6D85", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "BBC19469EB9B90D82D15BF345DE6BD2F2984CAE6A5427AAEAFBF0699FD85D085", "C03FA5EBB009D6B1F8AADC24B78B9ABD8ADACBA78E030EBADE0D37E5B4B8531B", "C07B22EADF090CC9AAC7EB1364B467F03118CFA06DA1B103743ADFC12C0BE972", "C08849A00434A559EE1C5504DAE1CDDB28E9D46EDC400E95B2136AC317DFE7A3", "C0997894C00C647C765D25D22D15D1B89C53BD7787EE040820B491BEC93CA8C3", "C2589DFBD09C40CB0ED3C14A127AD44309E3A47D40C1ABCBAA157F4307C403C7", "C40F5E491D6F3F421E3D2E75A37C3F5BB40766F46E04F7FCB702D487527412B2", "C4201BA18FD219F4998B9CD1F31247B019E4B70DABFE54578652DCDBE9377D5D", "C54D628A6B03E0D5D380798A26C8FC0F502D8BC8896B559E7A64C4132852C6AF", 
"C55D668E9DAA959DD19BE97127802F50A829DCC234E975F8050767FE8AEFE217", "C5DC7E3B34A4B9A3DC0E8C0FAFE2DA531B9CD3D402160B1BD2722664BB8814ED", "C807C32A7883D1C2FC0D7B24C88A071FCA929D2C2A1604675B9EDBA17D0B0100", "C869EEC83BD16543720F7AAE437BAC980B3CA9305C2B781C9D9C4734959DBAD2", "C995553D9B44244C678C4332BC3ECCE7F9D9A8E8FFBB28EF8F632C16FD3E43A3", "C99AB9FB9389FE23659D18E25DF69F2E655C7F4069334DD38DC826EAF788536D", "C9C588A768D21A853FACF3A5EF1CC8252C6FA01E38099CC8067E296725E7CEA3", "CA890E7B5ED528F8FC1ED4E81A786A29BA1920B7E6B219BEF6EEF3DE24C94A20", "CB43B6A0E75D60A41BF21D857ADE7E57A8AEE3FB253186BFACB5E34FAED63095", "CD6036E42997395942F7FF83895D94F94E8BFD2DC6168C160F484DA20BCCF217", "CD87DBDB3D8E53CB519EDE92FE82F45A681ED21290349CC19AD349F693B48D9D", "D18760670EDADC2F24B086D79E8A710951BAF55B25632660F1CD9469AC034929", "D25FC5FB8A8B1C59AB072CD2FAFBE0E65B654246DF1F523B2F0760F380BBA57D", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D4D9239D39380DAAAF0663AA50B7560152F0E3980E2EE27DD40046B16E4D33B3", "D5D68C274689503F08DAB338007FECB9B03D6956ECF160CECB37263C1DB02BAC", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D66F1CF05D4FAEAA1D2A1BD6C942DFBCEFA7698121E07EA674D81BA77E984AF6", "D6EF0A354BC60FD9763CCD91736DAA8B1445C437C0A7B30389216581A9447D9D", "D71ECE9054A0423D2796261CBA40257762AA9E2D7719136781F2B173EA9107E9", "D7AC248E04AE756C03D46141AC310A54DEB1A06F5826FA20FBF0513EB29FCA4F", "D807F98F285E9AA24C6982ECD7ECE986CC9DAEE3771B85EB11104E7DB3A38BAE", "D8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88", "D911317A5AB78973EC0BCDD274D56A8146D89345FD34F13DAEEC08B6503FEAE0", "D9481B51055BA5B07B1DC12C1F5C2466F6B1E853748C6184BFD94AB4D366B88E", "D9F9C21739CE0374485FD9F451E99B1E3D3DD763F365282CE7DBE1FD581588A1", "DAE66C3F24DC9C9F32A4918C846A8F515A6E526CE6B4F5F2BBF09EFE18B62398", "DAF96CC7FDD622F8E28791075010AD2B6C155A9758A74D7A53185A5DD46E4C4D", "DB2B818A328E9D978E389CD017B47DF75CF8C64900E023A2B46B5D029C47E02F", 
"DD1DE1EA8F3ABFF0208B6F410093F349C182C608A53D0AD411BE135E0569B75C", "DF1E63CF8B14528F156628BE21730C46B9AD6FEBFA9BE46C21DFFEFE8A0D3852", "DFA8AA7704784955FA7045373323530548087DE8D18998BEE491AD35CB291871", "E3BAE9A30B20D04512C7C16881BAE14D80726FD5F24F3B32C3DF1C51B000477A", "E432DAD10EFE3753090EF63CF4FCD4A0EC759F3B4E8CBBF27B3179085A515230", "E51E3631448E0DDF5654BBD384101A8DB37DC212388B0C844712D8892FBB2239", "E54048B186E2B0430A492A11B734CD6DBAB437E3800A622970DF288484B9F9CA", "E549E196D67CC7F4211E92A4ACD117B096AABAEA29C3D5597F80ADA76FEC11BC", "E743D56B7F82FD91BF1B957BA0B8563CA46123EA082A5D37F1F98CC22A8DF60B", "E9094C448DDFA53F1801F49370E9B1301873155775CFD8E4A6A53500E27FBB43", "E94FC4D5470C3574EF26DFE7E8FFAADFD29403F8240A38834983ED45DD9BD8E9", "E96DE8F06A292A9130FA60039D3955521DFFAEB854F95706883006DB805B4396", "EA09E9FBD098387618AA1C1557D2087A05E48D2128850E8FF36CAD21565902BE", "EB682228014C1182EE832B8228E2E23BE97EC630FA8AE706A3D5F1FB9400D807", "EC47038748571963AEC203967CF4F70F968B6CB3B1ED421803AC8F2399BBF2F9", "ECAE9C428E6921780DCBD019FD8DB249F90FAE52B7CDFC11A8FDE3AB81842108", "ECDAD91B40717D302E53EC250B57F9219834CC0086D59A26ACB8BC5B0D731D7A", "EDF0DE3C53392E25F6AA4A41594441B3B42A688C94A63F2BE16865CBA0FDE7D7", "EE24AB0B2E014F082958A51E75EF50D8A2A13DBA178F55CE89E4F1B70E8B8524", "EFBAE115200F541965C87F131839BC2A215E7E16869C38A30DDC7E69401C200B", "F0C6A37F52FA117F69F084141018CC542283D5FED7ED1C57FC12F983AF67523E", "F11E16856730182427693A47E95D74CFF70E63BD4AC0AC55E9ED07DAC8CCA2E6", "F50CE96DB370E58B2BD628B11E11E3E12AB2CD3D0E1CFF9BF168C0A973EBCF96", "F5F132133E3907E02F44D96DFC521AFED40EDF16BB2B9225E8DD4A895F7FAF1C", "F5F7933E4670518D029E646B3B5F66B6C322058A1D1D30AD54B208AD8D95B0DE", "F665A1245FF1694ED9B578D35C955B51DAA051F90350DA793AFAC0D05F2DCC0B", "F6932FFA729B316CDBF1B06D2938B9D53FBCB3E73735DBB2B0ECB271EC493B76", "F9ADD5C0B29D5EA4036B7F3A5477FA4502428CD7F7F7ABD1AF85EE16C6650D8F", "FAF1E42F5C82479C048926996BC2931828D3108E68118BD5716CEF9D5D410444", 
"FC063A550738E2209B6B01FDA6D7651354D5A06F90376E98B1CDB3DA57BFF11F", "FCF66C1A96FDC8625BB9D927E042CEAA982B68F998C9AFCE8CBB28E803F9F816", "FE643C5E53E0FBF38EEF788AF49DA062DCF628EB606A68DD13F4560C0E90A9C7"]}, {"type": "ics", "idList": ["ICSA-14-353-01C", "ICSA-17-094-04", "ICSA-20-042-02", "ICSA-22-242-03"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "kaspersky", "idList": ["KLA10566"]}, {"type": "mageia", "idList": ["MGASA-2014-0371", "MGASA-2014-0384", "MGASA-2014-0385", "MGASA-2014-0444", "MGASA-2015-0020", "MGASA-2015-0063", "MGASA-2015-0152", "MGASA-2015-0179", "MGASA-2015-0195", "MGASA-2015-0266", "MGASA-2015-0268", "MGASA-2015-0358"]}, {"type": "mozilla", "idList": ["MFSA2015-64"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784367"]}, {"type": "nessus", "idList": ["700510.PRM", "8385.PRM", "8565.PRM", "8620.PRM", "8801.PRM", "8855.PRM", "8863.PRM", "8981.PRM", "9324.PRM", "9327.PRM", "9331.PRM", "9336.PRM", "9700.PRM", "9714.PRM", "9718.PRM", "AIX_IV71094.NASL", "AIX_IV71096.NASL", "AIX_IV73783.NASL", "AIX_IV74261.NASL", "AIX_IV74262.NASL", "AIX_IV74263.NASL", "AL2_ALAS-2019-1220.NASL", "ALA_ALAS-2014-407.NASL", "ALA_ALAS-2015-477.NASL", "ALA_ALAS-2015-495.NASL", "ALA_ALAS-2015-496.NASL", "ALA_ALAS-2015-514.NASL", "ALA_ALAS-2015-520.NASL", "ALA_ALAS-2015-589.NASL", "ALA_ALAS-2015-590.NASL", "ALA_ALAS-2015-596.NASL", "ALA_ALAS-2015-628.NASL", "APPLETV_9_2.NASL", "APPLE_IOS_93_CHECK.NBIN", "ASTERISK_AST_2015_002.NASL", "CENTOS_RHSA-2015-0327.NASL", "CENTOS_RHSA-2015-1254.NASL", "CENTOS_RHSA-2015-1385.NASL", "CENTOS_RHSA-2015-1419.NASL", "CENTOS_RHSA-2015-1459.NASL", "CENTOS_RHSA-2015-1636.NASL", "CENTOS_RHSA-2015-1640.NASL", "CENTOS_RHSA-2015-1664.NASL", "CENTOS_RHSA-2015-1699.NASL", "CENTOS_RHSA-2015-2159.NASL", "CENTOS_RHSA-2015-2231.NASL", "CENTOS_RHSA-2015-2345.NASL", "CENTOS_RHSA-2015-2550.NASL", "CISCO-SA-20141222-NTPD-PRIME_DCNM.NASL", "CISCO-SA-20150408-NTPD-IOS.NASL", 
"CISCO-SA-20150408-NTPD-IOSXE.NASL", "CISCO_ACE_A5_3_3.NASL", "DEBIAN_DLA-134.NASL", "DEBIAN_DLA-149.NASL", "DEBIAN_DLA-192.NASL", "DEBIAN_DLA-211.NASL", "DEBIAN_DLA-266.NASL", "DEBIAN_DLA-315.NASL", "DEBIAN_DLA-316.NASL", "DEBIAN_DLA-64.NASL", "DEBIAN_DLA-84.NASL", "DEBIAN_DSA-3022.NASL", "DEBIAN_DSA-3069.NASL", "DEBIAN_DSA-3122.NASL", "DEBIAN_DSA-3223.NASL", "DEBIAN_DSA-3232.NASL", "DEBIAN_DSA-3336.NASL", "DEBIAN_DSA-3430.NASL", "DEBIAN_DSA-3480.NASL", "DEBIAN_DSA-4154.NASL", "EULEROS_SA-2018-1375.NASL", "EULEROS_SA-2019-1436.NASL", "EULEROS_SA-2019-1549.NASL", "EULEROS_SA-2019-1550.NASL", "EULEROS_SA-2019-1551.NASL", "EULEROS_SA-2019-1555.NASL", "EULEROS_SA-2019-1557.NASL", "F5_BIGIP_SOL15955144.NASL", "F5_BIGIP_SOL16392.NASL", "F5_BIGIP_SOL16393.NASL", "F5_BIGIP_SOL16505.NASL", "F5_BIGIP_SOL16506.NASL", "F5_BIGIP_SOL16704.NASL", "F5_BIGIP_SOL16707.NASL", "F5_BIGIP_SOL17315.NASL", "F5_BIGIP_SOL17378.NASL", "F5_BIGIP_SOL17494.NASL", "F5_BIGIP_SOL35453761.NASL", "FEDORA_2014-10095.NASL", "FEDORA_2014-10099.NASL", "FEDORA_2014-10679.NASL", "FEDORA_2014-10714.NASL", "FEDORA_2014-10741.NASL", "FEDORA_2014-14338.NASL", "FEDORA_2014-14354.NASL", "FEDORA_2014-15706.NASL", "FEDORA_2014-16538.NASL", "FEDORA_2014-16605.NASL", "FEDORA_2014-16690.NASL", "FEDORA_2014-17596.NASL", "FEDORA_2014-17601.NASL", "FEDORA_2014-9982.NASL", "FEDORA_2015-037F844D3E.NASL", "FEDORA_2015-0415.NASL", "FEDORA_2015-0418.NASL", "FEDORA_2015-10830.NASL", "FEDORA_2015-10848.NASL", "FEDORA_2015-1736.NASL", "FEDORA_2015-1759.NASL", "FEDORA_2015-5761.NASL", "FEDORA_2015-5830.NASL", "FEDORA_2015-5874.NASL", "FEDORA_2015-6695.NASL", "FEDORA_2015-6712.NASL", "FEDORA_2015-6728.NASL", "FEDORA_2015-6853.NASL", "FEDORA_2015-6864.NASL", "FEDORA_2015-C24AF963A2.NASL", "FREEBSD_PKG_381183E8379811E5997014DAE9D210B8.NASL", "FREEBSD_PKG_44D9DAEE940C417986BB6E3FFD617869.NASL", "FREEBSD_PKG_4622635F37A111E5997014DAE9D210B8.NASL", "FREEBSD_PKG_6294F75F03F211E5AAB1D050996490D0.NASL", 
"FREEBSD_PKG_7656FC62A7A711E496BA001999F8D30B.NASL", "FREEBSD_PKG_9C7177FF1FE111E59A01BCAEC565249C.NASL", "FREEBSD_PKG_CAA98FFD0A9240D0B234FD79B429157E.NASL", "FREEBSD_PKG_EBD84C96DD7E11E4854E3C970E169BC2.NASL", "GENTOO_GLSA-201507-08.NASL", "GENTOO_GLSA-201507-17.NASL", "GENTOO_GLSA-201509-01.NASL", "GENTOO_GLSA-201509-02.NASL", "GENTOO_GLSA-201512-10.NASL", "GENTOO_GLSA-201602-02.NASL", "GENTOO_GLSA-201605-05.NASL", "GENTOO_GLSA-201701-37.NASL", "GENTOO_GLSA-201701-47.NASL", "HPSMH_7_2_6.NASL", "HPSMH_7_5_4.NASL", "HPUX_PHNE_44235.NASL", "HPUX_PHNE_44236.NASL", "MACOSX_10_10_3.NASL", "MACOSX_10_10_4.NASL", "MACOSX_10_10_5.NASL", "MACOSX_10_11_1.NASL", "MACOSX_10_11_4.NASL", "MACOSX_FIREFOX_31_8_ESR.NASL", "MACOSX_FIREFOX_38_1_ESR.NASL", "MACOSX_FIREFOX_39_0.NASL", "MACOSX_SECUPD2015-005.NASL", "MACOSX_SECUPD2016-002.NASL", "MANDRIVA_MDVSA-2014-184.NASL", "MANDRIVA_MDVSA-2014-187.NASL", "MANDRIVA_MDVSA-2014-213.NASL", "MANDRIVA_MDVSA-2015-021.NASL", "MANDRIVA_MDVSA-2015-046.NASL", "MANDRIVA_MDVSA-2015-092.NASL", "MANDRIVA_MDVSA-2015-098.NASL", "MANDRIVA_MDVSA-2015-140.NASL", "MANDRIVA_MDVSA-2015-202.NASL", "MANDRIVA_MDVSA-2015-219.NASL", "MANDRIVA_MDVSA-2015-220.NASL", "MOZILLA_FIREFOX_31_8_ESR.NASL", "MOZILLA_FIREFOX_38_1_ESR.NASL", "MOZILLA_FIREFOX_39_0.NASL", "NEWSTART_CGSL_NS-SA-2019-0104_CURL.NASL", "NTP_4_2_8.NASL", "NTP_4_2_8P2.NASL", "NTP_4_2_8P3.NASL", "NTP_CVE-2014-9297.NBIN", "OPENSUSE-2014-533.NASL", "OPENSUSE-2014-547.NASL", "OPENSUSE-2015-125.NASL", "OPENSUSE-2015-330.NASL", "OPENSUSE-2015-336.NASL", "OPENSUSE-2015-383.NASL", "OPENSUSE-2015-480.NASL", "OPENSUSE-2015-495.NASL", "OPENSUSE-2015-568.NASL", "OPENSUSE-2015-959.NASL", "OPENSUSE-2016-32.NASL", "ORACLELINUX_ELSA-2015-0327.NASL", "ORACLELINUX_ELSA-2015-1254.NASL", "ORACLELINUX_ELSA-2015-1385.NASL", "ORACLELINUX_ELSA-2015-1419.NASL", "ORACLELINUX_ELSA-2015-1459.NASL", "ORACLELINUX_ELSA-2015-1636.NASL", "ORACLELINUX_ELSA-2015-1640.NASL", "ORACLELINUX_ELSA-2015-1664.NASL", 
"ORACLELINUX_ELSA-2015-1699.NASL", "ORACLELINUX_ELSA-2015-2159.NASL", "ORACLELINUX_ELSA-2015-2231.NASL", "ORACLELINUX_ELSA-2015-2345.NASL", "ORACLELINUX_ELSA-2015-2550.NASL", "ORACLELINUX_ELSA-2017-0847.NASL", "ORACLEVM_OVMSA-2015-0097.NASL", "ORACLEVM_OVMSA-2015-0099.NASL", "ORACLEVM_OVMSA-2015-0102.NASL", "ORACLEVM_OVMSA-2015-0107.NASL", "ORACLEVM_OVMSA-2015-0117.NASL", "ORACLEVM_OVMSA-2015-0118.NASL", "ORACLEVM_OVMSA-2016-0066.NASL", "REDHAT-RHSA-2015-0327.NASL", "REDHAT-RHSA-2015-1254.NASL", "REDHAT-RHSA-2015-1385.NASL", "REDHAT-RHSA-2015-1419.NASL", "REDHAT-RHSA-2015-1459.NASL", "REDHAT-RHSA-2015-1636.NASL", "REDHAT-RHSA-2015-1640.NASL", "REDHAT-RHSA-2015-1664.NASL", "REDHAT-RHSA-2015-1699.NASL", "REDHAT-RHSA-2015-2159.NASL", "REDHAT-RHSA-2015-2231.NASL", "REDHAT-RHSA-2015-2345.NASL", "REDHAT-RHSA-2015-2550.NASL", "REDHAT-RHSA-2017-0847.NASL", "SLACKWARE_SSA_2015-111-08.NASL", "SLACKWARE_SSA_2015-302-01.NASL", "SL_20150305_GLIBC_ON_SL7_X.NASL", "SL_20150722_CURL_ON_SL6_X.NASL", "SL_20150722_LIBXML2_ON_SL6_X.NASL", "SL_20150722_NET_SNMP_ON_SL6_X.NASL", "SL_20150722_NTP_ON_SL6_X.NASL", "SL_20150817_NET_SNMP_ON_SL6_X.NASL", "SL_20150818_PAM_ON_SL6_X.NASL", "SL_20150824_NSS_ON_SL5_X.NASL", "SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL", "SL_20151119_CURL_ON_SL7_X.NASL", "SL_20151119_NET_SNMP_ON_SL7_X.NASL", "SL_20151119_NTP_ON_SL7_X.NASL", "SL_20151207_LIBXML2_ON_SL7_X.NASL", "SL_20170329_CURL_ON_SL6_X.NASL", "SOLARIS11_LIBCURL_20141014.NASL", "SOLARIS11_LIBCURL_20141216.NASL", "SOLARIS11_NET-SNMP_20141216.NASL", "SUSE_11_CURL-201501-150113.NASL", "SUSE_11_LIBSNMP15-140902.NASL", "SUSE_11_NTP-150209.NASL", "SUSE_SU-2015-0083-1.NASL", "SUSE_SU-2015-0322-1.NASL", "SUSE_SU-2015-0865-1.NASL", "SUSE_SU-2015-0962-1.NASL", "SUSE_SU-2015-0990-1.NASL", "SUSE_SU-2015-1173-1.NASL", "SUSE_SU-2015-1268-2.NASL", "SUSE_SU-2015-1269-1.NASL", "SUSE_SU-2015-1424-1.NASL", "SUSE_SU-2015-1449-1.NASL", "SUSE_SU-2015-1524-1.NASL", "SUSE_SU-2015-1556-1.NASL", "SUSE_SU-2015-1844-1.NASL", 
"SUSE_SU-2016-0030-1.NASL", "SUSE_SU-2016-0049-1.NASL", "SUSE_SU-2016-0470-1.NASL", "SUSE_SU-2016-1645-1.NASL", "SUSE_SU-2016-1912-1.NASL", "SUSE_SU-2017-1398-1.NASL", "UBUNTU_USN-2346-1.NASL", "UBUNTU_USN-2399-1.NASL", "UBUNTU_USN-2474-1.NASL", "UBUNTU_USN-2497-1.NASL", "UBUNTU_USN-2567-1.NASL", "UBUNTU_USN-2591-1.NASL", "UBUNTU_USN-2656-1.NASL", "UBUNTU_USN-2656-2.NASL", "UBUNTU_USN-2672-1.NASL", "UBUNTU_USN-2711-1.NASL", "UBUNTU_USN-2812-1.NASL", "UBUNTU_USN-2935-1.NASL", "UBUNTU_USN-2935-2.NASL", "UBUNTU_USN-2935-3.NASL", "UBUNTU_USN-2985-1.NASL", "UBUNTU_USN-2985-2.NASL", "WEBSPHERE_266251.NASL", "WEBSPHERE_JAVA_SERIALIZE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105425", "OPENVAS:1361412562310105677", "OPENVAS:1361412562310105835", "OPENVAS:1361412562310106069", "OPENVAS:1361412562310120060", "OPENVAS:1361412562310120065", "OPENVAS:1361412562310120090", "OPENVAS:1361412562310120169", "OPENVAS:1361412562310120172", "OPENVAS:1361412562310120290", "OPENVAS:1361412562310120492", "OPENVAS:1361412562310120510", "OPENVAS:1361412562310120531", "OPENVAS:1361412562310120618", "OPENVAS:1361412562310121389", "OPENVAS:1361412562310121398", "OPENVAS:1361412562310121407", "OPENVAS:1361412562310121408", "OPENVAS:1361412562310121432", "OPENVAS:1361412562310121441", "OPENVAS:1361412562310122754", "OPENVAS:1361412562310122757", "OPENVAS:1361412562310122761", "OPENVAS:1361412562310122794", "OPENVAS:1361412562310123015", "OPENVAS:1361412562310123021", "OPENVAS:1361412562310123024", "OPENVAS:1361412562310123026", "OPENVAS:1361412562310123052", "OPENVAS:1361412562310123056", "OPENVAS:1361412562310123068", "OPENVAS:1361412562310123070", "OPENVAS:1361412562310123175", "OPENVAS:1361412562310130031", "OPENVAS:1361412562310130109", "OPENVAS:1361412562310130111", "OPENVAS:1361412562310703022", "OPENVAS:1361412562310703069", "OPENVAS:1361412562310703122", "OPENVAS:1361412562310703154", "OPENVAS:1361412562310703223", "OPENVAS:1361412562310703232", 
"OPENVAS:1361412562310703336", "OPENVAS:1361412562310703430", "OPENVAS:1361412562310703480", "OPENVAS:1361412562310704154", "OPENVAS:1361412562310805676", "OPENVAS:1361412562310805905", "OPENVAS:1361412562310805906", "OPENVAS:1361412562310805907", "OPENVAS:1361412562310805908", "OPENVAS:1361412562310806148", "OPENVAS:1361412562310806624", "OPENVAS:1361412562310806693", "OPENVAS:1361412562310806695", "OPENVAS:1361412562310806792", "OPENVAS:1361412562310806883", "OPENVAS:1361412562310841967", "OPENVAS:1361412562310842025", "OPENVAS:1361412562310842049", "OPENVAS:1361412562310842087", "OPENVAS:1361412562310842167", "OPENVAS:1361412562310842186", "OPENVAS:1361412562310842277", "OPENVAS:1361412562310842279", "OPENVAS:1361412562310842280", "OPENVAS:1361412562310842415", "OPENVAS:1361412562310842535", "OPENVAS:1361412562310842696", "OPENVAS:1361412562310842697", "OPENVAS:1361412562310842699", "OPENVAS:1361412562310842773", "OPENVAS:1361412562310842775", "OPENVAS:1361412562310850613", "OPENVAS:1361412562310850664", "OPENVAS:1361412562310850782", "OPENVAS:1361412562310850815", "OPENVAS:1361412562310850933", "OPENVAS:1361412562310851042", "OPENVAS:1361412562310851106", "OPENVAS:1361412562310851113", "OPENVAS:1361412562310868175", "OPENVAS:1361412562310868178", "OPENVAS:1361412562310868185", "OPENVAS:1361412562310868370", "OPENVAS:1361412562310868469", "OPENVAS:1361412562310868525", "OPENVAS:1361412562310868581", "OPENVAS:1361412562310868649", "OPENVAS:1361412562310868702", "OPENVAS:1361412562310868820", "OPENVAS:1361412562310868827", "OPENVAS:1361412562310868913", "OPENVAS:1361412562310868917", "OPENVAS:1361412562310869005", "OPENVAS:1361412562310869009", "OPENVAS:1361412562310869285", "OPENVAS:1361412562310869308", "OPENVAS:1361412562310869311", "OPENVAS:1361412562310869334", "OPENVAS:1361412562310869345", "OPENVAS:1361412562310869482", "OPENVAS:1361412562310869500", "OPENVAS:1361412562310869656", "OPENVAS:1361412562310869674", "OPENVAS:1361412562310869729", 
"OPENVAS:1361412562310869792", "OPENVAS:1361412562310871331", "OPENVAS:1361412562310871401", "OPENVAS:1361412562310871405", "OPENVAS:1361412562310871407", "OPENVAS:1361412562310871411", "OPENVAS:1361412562310871429", "OPENVAS:1361412562310871433", "OPENVAS:1361412562310871437", "OPENVAS:1361412562310871442", "OPENVAS:1361412562310871490", "OPENVAS:1361412562310871491", "OPENVAS:1361412562310871492", "OPENVAS:1361412562310871514", "OPENVAS:1361412562310871792", "OPENVAS:1361412562310882246", "OPENVAS:1361412562310882249", "OPENVAS:1361412562310882253", "OPENVAS:1361412562310882254", "OPENVAS:1361412562310882256", "OPENVAS:1361412562310882271", "OPENVAS:1361412562310882272", "OPENVAS:1361412562311220181375", "OPENVAS:1361412562311220191436", "OPENVAS:1361412562311220191549", "OPENVAS:1361412562311220191550", "OPENVAS:1361412562311220191551", "OPENVAS:1361412562311220191555", "OPENVAS:1361412562311220191557", "OPENVAS:703022", "OPENVAS:703069", "OPENVAS:703122", "OPENVAS:703154", "OPENVAS:703223", "OPENVAS:703232", "OPENVAS:703336", "OPENVAS:703430", "OPENVAS:703480"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2016V3", "ORACLE:CPUJUL2015", "ORACLE:CPUOCT2015", "ORACLE:CPUOCT2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0327", "ELSA-2015-1254", "ELSA-2015-1385", "ELSA-2015-1419", "ELSA-2015-1459", "ELSA-2015-1636", "ELSA-2015-1640", "ELSA-2015-1664", "ELSA-2015-1699", "ELSA-2015-2159", "ELSA-2015-2231", "ELSA-2015-2345", "ELSA-2015-2550", "ELSA-2016-0685"]}, {"type": "osv", "idList": ["OSV:DLA-1317-1", "OSV:DLA-134-1", "OSV:DLA-149-1", "OSV:DLA-192-1", "OSV:DLA-211-1", "OSV:DLA-266-1", "OSV:DLA-315-1", "OSV:DLA-316-1", "OSV:DLA-64-1", "OSV:DLA-84-1", "OSV:DSA-3022-1", "OSV:DSA-3069-1", "OSV:DSA-3122-1", "OSV:DSA-3223-1", "OSV:DSA-3232-1", "OSV:DSA-3336-1", "OSV:DSA-3430-1", "OSV:DSA-3480-1", "OSV:DSA-4154-1", "OSV:GHSA-Q7WX-62R7-J2X7"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141631"]}, {"type": "redhat", "idList": ["RHSA-2015:0327", 
"RHSA-2015:1254", "RHSA-2015:1385", "RHSA-2015:1419", "RHSA-2015:1459", "RHSA-2015:1636", "RHSA-2015:1640", "RHSA-2015:1664", "RHSA-2015:1699", "RHSA-2015:2159", "RHSA-2015:2231", "RHSA-2015:2345", "RHSA-2015:2550", "RHSA-2017:0847"]}, {"type": "rubygems", "idList": ["RUBY:NOKOGIRI-2015-1819"]}, {"type": "saint", "idList": ["SAINT:2A4358BF31AF1DF12CC0825DE2A0B1D2", "SAINT:66FBA7CC8FD20610677EE0D63C3A16A6", "SAINT:9C099C4B9A40BE916B04858EBBBB06B1", "SAINT:C049B327B327D8889E6EDEE0F0EFB1CB"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31077", "SECURITYVULNS:DOC:31111", "SECURITYVULNS:DOC:31392", "SECURITYVULNS:DOC:31593", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:31709", "SECURITYVULNS:DOC:31887", "SECURITYVULNS:DOC:31890", "SECURITYVULNS:DOC:31950", "SECURITYVULNS:DOC:31964", "SECURITYVULNS:DOC:31976", "SECURITYVULNS:DOC:32267", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:DOC:32414", "SECURITYVULNS:DOC:32566", "SECURITYVULNS:VULN:13544", "SECURITYVULNS:VULN:13962", "SECURITYVULNS:VULN:14101", "SECURITYVULNS:VULN:14171", "SECURITYVULNS:VULN:14194", "SECURITYVULNS:VULN:14360", "SECURITYVULNS:VULN:14366", "SECURITYVULNS:VULN:14418", "SECURITYVULNS:VULN:14562", "SECURITYVULNS:VULN:14573", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:VULN:14642", "SECURITYVULNS:VULN:14702"]}, {"type": "slackware", "idList": ["SSA-2015-111-08", "SSA-2015-302-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1139-1", "OPENSUSE-SU-2015:1229-1", "OPENSUSE-SU-2015:1266-1", "SUSE-SU-2015:0259-1", "SUSE-SU-2015:0259-2", "SUSE-SU-2015:0259-3", "SUSE-SU-2015:0274-1", "SUSE-SU-2015:0322-1", "SUSE-SU-2015:1173-1", "SUSE-SU-2015:1268-1", "SUSE-SU-2015:1268-2", "SUSE-SU-2015:1269-1", "SUSE-SU-2015:1424-1", "SUSE-SU-2015:1449-1", "SUSE-SU-2016:0470-1", "SUSE-SU-2016:0786-1", "SUSE-SU-2016:1912-1", "SUSE-SU-2016:2094-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2701-1"]}, {"type": "thn", "idList": ["THN:F73D624126468D834271728F43F4B725"]}, {"type": "threatpost", 
These packages\ninclude the ntpd service which continuously adjusts system time and utilities\nused to query and configure the ntpd service.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes:\n\n * The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. 
(BZ#1191111)\n\n * The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n * Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected.\n(BZ#11 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"ntp on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2231-04\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00032.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7\", rls:\"RHENT_7\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Oracle Linux Local Security Checks ELSA-2015-2231", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2231", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9751", "CVE-2015-3405", "CVE-2015-1799", "CVE-2014-9298", "CVE-2014-9297", "CVE-2014-9750", "CVE-2015-1798"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122754", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2231.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122754\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:27 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2231\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2231 - ntp security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2231\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2231.html\");\n script_cve_id(\"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) 
exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:58:47", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9298", "CVE-2014-9297"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120172", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120172\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:11 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-496)\");\n script_tag(name:\"insight\", value:\"It was reported that ntp misses validation of vallen value, leading to various information leaks. See for more details. (CVE-2014-9297 )It was reported that ntp allows bypassing source IP ACLs on some OSes when ::1 spoofed. 
(CVE-2014-9298 )\");\n script_tag(name:\"solution\", value:\"Run yum update ntp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-496.html\");\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~27.23.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~27.23.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~27.23.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~27.23.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-07-24T12:52:51", "description": "Several vulnerabilities were\ndiscovered in the ntp package, an implementation of the Network Time Protocol.\nThe Common Vulnerabilities and Exposures project 
identifies the following\nproblems:\n\nCVE-2014-9297\nStephen Roettger of the Google Security Team, Sebastian Krahmer of\nthe SUSE Security Team and Harlan Stenn of Network Time Foundation\ndiscovered that the length value in extension fields is not properly\nvalidated in several code paths in ntp_crypto.c, which could lead to\ninformation leakage or denial of service (ntpd crash).\n\nCVE-2014-9298\nStephen Roettger of the Google Security Team reported that ACLs\nbased on IPv6 ::1 addresses can be bypassed.", "cvss3": {}, "published": "2015-02-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3154-1 (ntp - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9298", "CVE-2014-9297"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703154", "href": "http://plugins.openvas.org/nasl.php?oid=703154", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3154.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3154-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703154);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_name(\"Debian Security Advisory DSA 3154-1 (ntp - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-05 00:00:00 +0100 (Thu, 05 Feb 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3154.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"ntp on Debian Linux\");\n script_tag(name: \"insight\", value: \"NTP, the Network Time Protocol,\nis used to keep computer clocks accurate by synchronizing them over the\nInternet or a local network, or by following an accurate hardware receiver\nthat interprets GPS, DCF-77, NIST or similar time signals.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-4.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name: \"summary\", value: 
\"Several vulnerabilities were\ndiscovered in the ntp package, an implementation of the Network Time Protocol.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2014-9297\nStephen Roettger of the Google Security Team, Sebastian Krahmer of\nthe SUSE Security Team and Harlan Stenn of Network Time Foundation\ndiscovered that the length value in extension fields is not properly\nvalidated in several code paths in ntp_crypto.c, which could lead to\ninformation leakage or denial of service (ntpd crash).\n\nCVE-2014-9298\nStephen Roettger of the Google Security Team reported that ACLs\nbased on IPv6 ::1 addresses can be bypassed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-2+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-2+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-2+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-03-19T12:36:53", "description": "Several vulnerabilities were\ndiscovered in the ntp package, an implementation of the Network Time Protocol.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2014-9297\nStephen Roettger of the Google Security Team, Sebastian Krahmer of\nthe SUSE Security Team and Harlan Stenn of Network Time Foundation\ndiscovered that the length value in extension fields is not 
properly\nvalidated in several code paths in ntp_crypto.c, which could lead to\ninformation leakage or denial of service (ntpd crash).\n\nCVE-2014-9298\nStephen Roettger of the Google Security Team reported that ACLs\nbased on IPv6 ::1 addresses can be bypassed.", "cvss3": {}, "published": "2015-02-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3154-1 (ntp - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9298", "CVE-2014-9297"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703154", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3154.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3154-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703154\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_name(\"Debian Security Advisory DSA 3154-1 (ntp - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-05 00:00:00 +0100 (Thu, 05 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3154.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"ntp on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-4.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were\ndiscovered in the ntp package, an implementation of the Network Time Protocol.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2014-9297\nStephen Roettger of the Google Security 
Team, Sebastian Krahmer of\nthe SUSE Security Team and Harlan Stenn of Network Time Foundation\ndiscovered that the length value in extension fields is not properly\nvalidated in several code paths in ntp_crypto.c, which could lead to\ninformation leakage or denial of service (ntpd crash).\n\nCVE-2014-9298\nStephen Roettger of the Google Security Team reported that ACLs\nbased on IPv6 ::1 addresses can be bypassed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-03-14T14:27:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-02-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for ntp USN-2497-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9298", "CVE-2014-9297"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842087", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for ntp USN-2497-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842087\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-10 05:30:53 +0100 (Tue, 10 Feb 2015)\");\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for ntp USN-2497-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Stephen Roettger, Sebastian Krahmer, and\nHarlan Stenn discovered that NTP incorrectly handled the length value in\nextension fields. A remote attacker could use this issue to possibly obtain\nleaked information, or cause the NTP daemon to crash, resulting in a denial of\nservice. (CVE-2014-9297)\n\nStephen Roettger discovered that NTP incorrectly handled ACLs based on\ncertain IPv6 addresses. 
(CVE-2014-9298)\");\n script_tag(name:\"affected\", value:\"ntp on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2497-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2497-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p3+dfsg-1ubuntu3.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.4p8+dfsg-1ubuntu2.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 0.0, 
"vector": "NONE"}}, {"lastseen": "2020-03-17T22:59:10", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-477)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8150", "CVE-2014-3707"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120290", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120290\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:22:56 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-477)\");\n script_tag(name:\"insight\", value:\"The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. (CVE-2014-3707 )CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. 
(CVE-2014-8150 )\");\n script_tag(name:\"solution\", value:\"Run yum update curl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-477.html\");\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-8150\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.40.0~1.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.40.0~1.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.40.0~1.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.40.0~1.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "openvas", "title": "Ubuntu 
Update for net-snmp USN-2711-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2014-3565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842415", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842415", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for net-snmp USN-2711-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842415\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-18 06:51:06 +0200 (Tue, 18 Aug 2015)\");\n script_cve_id(\"CVE-2014-3565\", \"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for net-snmp USN-2711-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an 
update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Net-SNMP incorrectly\nhandled certain trap messages when the -OQ option was used. A remote attacker\ncould use this issue to cause Net-SNMP to crash, resulting in a denial of service.\n(CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing\nfailures. A remote attacker could use this issue to cause Net-SNMP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-5621)\");\n script_tag(name:\"affected\", value:\"net-snmp on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2711-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2711-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsnmp30:amd64\", ver:\"5.7.2~dfsg-8.1ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libsnmp30:i386\", ver:\"5.7.2~dfsg-8.1ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release 
== \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsnmp15\", ver:\"5.4.3~dfsg-2.4ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-09T15:19:12", "description": "Multiple Cisco products incorporate a version of the ntpd package.\n Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated,\n remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.\n\n On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding\n bypass of authentication controls. These vulnerabilities are referenced in this document as follows:\n\n - CVE-2015-1798: NTP Authentication bypass vulnerability\n\n - CVE-2015-1799: NTP Authentication doesn", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "modified": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310105677", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105677", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:ios_xe\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105677\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd\");\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=36857\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the ntpd package.\n Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated,\n remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.\n\n On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding\n bypass of authentication controls. 
These vulnerabilities are referenced in this document as follows:\n\n - CVE-2015-1798: NTP Authentication bypass vulnerability\n\n - CVE-2015-1799: NTP Authentication doesn't protect symmetric associations against DoS attacks\n\n Cisco has released software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities are available.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 10:51:31 +0200 (Tue, 10 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ios_xe_version.nasl\");\n script_mandatory_keys(\"cisco_ios_xe/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n '2.1.0',\n '2.1.1',\n '2.1.2',\n '2.2.1',\n '2.2.2',\n '2.2.3',\n '2.3.0',\n '2.3.0t',\n '2.3.1t',\n '2.3.2',\n '2.4.0',\n '2.4.1',\n '2.5.0',\n '2.5.1',\n '2.5.2',\n '2.6.0',\n '2.6.1',\n '2.6.2',\n '3.1.0S',\n '3.1.1S',\n '3.1.2S',\n '3.1.3S',\n '3.1.4S',\n '3.1.5S',\n '3.1.6S',\n '3.1.0SG',\n '3.1.1SG',\n '3.2.0S',\n '3.2.1S',\n '3.2.2S',\n '3.2.3S',\n '3.2.0SE',\n '3.2.1SE',\n '3.2.2SE',\n '3.2.3SE',\n '3.2.0SG',\n '3.2.1SG',\n '3.2.2SG',\n '3.2.3SG',\n '3.2.4SG',\n '3.2.5SG',\n '3.2.6SG',\n '3.2.7SG',\n '3.2.8SG',\n '3.2.9SG',\n '3.2.0XO',\n '3.2.1XO',\n '3.3.0S',\n '3.3.1S',\n '3.3.2S',\n '3.3.0SE',\n '3.3.1SE',\n '3.3.2SE',\n '3.3.3SE',\n '3.3.4SE',\n '3.3.5SE',\n '3.3.0SG',\n '3.3.1SG',\n '3.3.2SG',\n '3.3.0SQ',\n '3.3.1SQ',\n '3.3.0XO',\n '3.3.1XO',\n '3.3.2XO',\n '3.4.0S',\n '3.4.1S',\n '3.4.2S',\n '3.4.3S',\n '3.4.4S',\n '3.4.5S',\n '3.4.6S',\n '3.4.0SG',\n '3.4.1SG',\n '3.4.2SG',\n '3.4.3SG',\n '3.4.4SG',\n '3.4.5SG',\n '3.4.0SQ',\n '3.4.1SQ',\n '3.5.0E',\n '3.5.1E',\n '3.5.2E',\n '3.5.3E',\n '3.5.0S',\n '3.5.1S',\n '3.5.2S',\n '3.6.0E',\n '3.6.1E',\n '3.6.0S',\n '3.6.1S',\n '3.6.2S',\n '3.7.0E',\n '3.7.0S',\n '3.7.1S',\n '3.7.2S',\n '3.7.3S',\n '3.7.4S',\n '3.7.5S',\n '3.7.6S',\n '3.7.7S',\n '3.8.0S',\n '3.8.1S',\n '3.8.2S',\n '3.9.0S',\n '3.9.1S',\n '3.9.2S',\n '3.10.0S',\n '3.10.0S',\n '3.10.1S',\n '3.10.2S',\n '3.10.3S',\n '3.10.4S',\n '3.10.5S',\n '3.10.6S',\n '3.11.0S',\n '3.11.1S',\n '3.11.2S',\n '3.11.3S',\n '3.11.4S',\n '3.12.0S',\n '3.12.1S',\n '3.12.2S',\n '3.12.3S',\n '3.13.0S',\n '3.13.1S',\n '3.13.2S',\n '3.14.0S',\n '3.14.1S',\n '3.14.2S',\n '3.14.3S',\n '3.14.4S',\n '3.15.0S' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 4.3, "vector": 
"AV:A/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2015-5761", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869656", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2015-5761\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869656\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:32:22 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2015-5761\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~30.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-03-17T22:58:43", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-520)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120060", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120060\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:30 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-520)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in NTP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update ntp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-520.html\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:25", "description": "Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798\nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799\nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. 
This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.", "cvss3": {}, "published": "2015-04-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3223-1 (ntp - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703223", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3223.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3223-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703223\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_name(\"Debian Security Advisory DSA 3223-1 (ntp - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-12 00:00:00 +0200 (Sun, 12 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3223.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"ntp on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798\nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets 
without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799\nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:48", "description": "Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798 \nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. 
This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799 \nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.", "cvss3": {}, "published": "2015-04-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3223-1 (ntp - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703223", "href": "http://plugins.openvas.org/nasl.php?oid=703223", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3223.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3223-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703223);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_name(\"Debian Security Advisory DSA 3223-1 (ntp - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-12 00:00:00 +0200 (Sun, 12 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3223.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"ntp on Debian Linux\");\n script_tag(name: \"insight\", value: \"NTP, the Network Time Protocol,\nis used to keep computer clocks accurate by synchronizing them over the\nInternet or a local network, or by following an accurate hardware receiver\nthat interprets GPS, DCF-77, NIST or similar time signals.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7.\n\nWe recommend that you upgrade your ntp 
packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798 \nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799 \nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-04-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for ntp USN-2567-1", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for ntp USN-2567-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842167\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-14 07:18:57 +0200 (Tue, 14 Apr 2015)\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for ntp USN-2567-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via 
the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Miroslav Lichvar discovered that NTP\nincorrectly validated MAC fields. A remote attacker could possibly use this issue\nto bypass authentication and spoof packets. (CVE-2015-1798)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain invalid\npackets. A remote attacker could possibly use this issue to cause a denial\nof service. (CVE-2015-1799)\n\nJuergen Perlinger discovered that NTP incorrectly generated MD5 keys on\nbig-endian platforms. This issue could either cause ntp-keygen to hang, or\ncould result in non-random keys. (CVE number pending)\");\n script_tag(name:\"affected\", value:\"ntp on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2567-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2567-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.10.3\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.3\", 
rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p3+dfsg-1ubuntu3.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-05-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2015-6728", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8150", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2015-6728\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869334\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-03 05:41:14 +0200 (Sun, 03 May 2015)\");\n script_cve_id(\"CVE-2015-3143\", \"CVE-2015-3144\", \"CVE-2015-3145\", \"CVE-2015-3148\",\n \"CVE-2014-8150\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2015-6728\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6728\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~14.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-curl FEDORA-2015-6864", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8150", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-curl FEDORA-2015-6864\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869729\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:40:35 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\", \"CVE-2015-3145\",\n \"CVE-2015-3144\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-curl FEDORA-2015-6864\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-curl on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6864\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-curl\", rpm:\"mingw-curl~7.42.0~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-04-23T00:00:00", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2015-5874", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9296", "CVE-2014-9294", "CVE-2015-1799", "CVE-2014-9298", "CVE-2014-9295", "CVE-2014-9297", "CVE-2015-1798", "CVE-2014-9293"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2015-5874\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869285\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-23 07:32:50 +0200 (Thu, 23 Apr 2015)\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\", \"CVE-2014-9297\", \"CVE-2014-9298\",\n \"CVE-2014-9293\", \"CVE-2014-9294\", \"CVE-2014-9295\", \"CVE-2014-9296\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2015-5874\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5874\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:25", "description": "Junos OS is prone to multiple vulnerabilities in\ncURL and libcurl.", "cvss3": {}, "published": "2016-05-07T00:00:00", "type": "openvas", "title": "Junos Multiple cURL and libcurl Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-8150", "CVE-2015-3153", "CVE-2015-3144", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2015-3145", "CVE-2015-3143", "CVE-2014-8151", "CVE-2015-3148"], "modified": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310106069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_JSA10743.nasl 12096 2018-10-25 12:26:02Z asteins $\n#\n# Junos Multiple cURL and libcurl Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106069\");\n script_version(\"$Revision: 12096 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 14:26:02 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-07 00:05:01 +0200 (Sat, 07 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2015-3144\", \"CVE-2015-3145\", \"CVE-2014-8151\", \"CVE-2014-3613\",\n \"CVE-2014-3620\", \"CVE-2015-3143\", \"CVE-2015-3148\", \"CVE-2015-3153\",\n \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2014-0015\");\n\n script_name(\"Junos Multiple cURL and libcurl Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to multiple vulnerabilities in\ncURL and libcurl.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Junos OS have been\nresolved by updating cURL and libcurl library. 
These are used to support downloading\nupdates or importing data into a Junos device.\n\nLibcurl and cURL were upgraded from 7.36.0 to 7.42.1\");\n\n script_tag(name:\"impact\", value:\"The vulnerabilities range from denial of service attacks\nuntil information disclosure. Please check the according CVE resources for more details.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10743\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^12\") {\n if (revcomp(a: version, b: \"12.1X46-D50\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X46-D50\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.1X47-D40\") < 0) &&\n (revcomp(a: version, b: \"12.1X47\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X47-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3R11\") < 0) &&\n (revcomp(a: version, b: \"12.3\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3R11\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3X48-D30\") < 0) &&\n (revcomp(a: version, b: \"12.3X48\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3X48-D30\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a: version, b: \"13.2R9\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.2R9\");\n security_message(port: 0, data: report);\n 
exit(0);\n }\n else if ((revcomp(a: version, b: \"13.2X51-D39\") < 0) &&\n (revcomp(a: version, b: \"13.2X51\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.2X51-D39\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"13.3R8\") < 0) &&\n (revcomp(a: version, b: \"13.3\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.3R8\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R6\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1R6\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.1X53-D30\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1X53-D30\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R5\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.2R5\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^15\") {\n if (revcomp(a: version, b: \"15.1R2\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D40\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X49-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D35\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X53-D35\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 
9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-04-29T00:00:00", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2015-5830", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9296", "CVE-2015-3405", "CVE-2014-9294", "CVE-2015-1799", "CVE-2014-9298", "CVE-2014-9295", "CVE-2014-9297", "CVE-2015-1798", "CVE-2014-9293"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869311", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2015-5830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869311\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-29 05:27:11 +0200 (Wed, 29 Apr 2015)\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\", \"CVE-2014-9297\", \"CVE-2014-9298\",\n \"CVE-2014-9293\", \"CVE-2014-9294\", \"CVE-2014-9295\", \"CVE-2014-9296\",\n \"CVE-2015-3405\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2015-5830\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5830\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~30.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "RedHat Update for ntp RHSA-2015:1459-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9751", "CVE-2015-3405", "CVE-2015-1799", "CVE-2014-9298", "CVE-2014-9750", "CVE-2015-1798"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871405", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ntp RHSA-2015:1459-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871405\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:26:09 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ntp RHSA-2015:1459-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith another referenced time source.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send malicious\ncontrol and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. 
(CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2014-9751)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes:\n\n * The ntpd daemon truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. The maximum length of keys has now\nbeen changed to 32 bytes. (BZ#1053551)\n\n * The ntp-keygen utility used the exponent of 3 when generating RSA keys,\nand generating RSA keys failed when FIPS mode was enabled. ntp-keygen has\nbeen modified to use the exponent of 65537, and generating keys in FIPS\nmode now works as expected. (BZ#1184421)\n\n * The ntpd daemon included a root delay when calculating its root\ndispersion. 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.40.0~3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:57", "description": "Several vulnerabilities were\ndiscovered in cURL, an URL transfer library:\n\nCVE-2015-3143\nNTLM-authenticated connections could be wrongly reused for requests\nwithout any credentials set, leading to HTTP requests being sent\nover the connection authenticated as a different user. This is\nsimilar to the issue fixed in DSA-2849-1.\n\nCVE-2015-3144\nWhen parsing URLs with a zero-length hostname,\nlibcurl would try to read from an invalid memory address. This could\nallow remote attackers to cause a denial of service (crash). 
This\nissue only affects the upcoming stable (jessie) and unstable (sid)\ndistributions.\n\nCVE-2015-3145\nWhen parsing HTTP cookies, if the parsed cookie", "cvss3": {}, "published": "2015-04-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3232-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703232", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3232.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3232-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703232\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-3143\", \"CVE-2015-3144\", \"CVE-2015-3145\", \"CVE-2015-3148\");\n script_name(\"Debian Security Advisory DSA 3232-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 00:00:00 +0200 (Wed, 22 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3232.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 7.26.0-1+wheezy13.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1.\n\nWe recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were\ndiscovered in cURL, an URL transfer 
library:\n\nCVE-2015-3143\nNTLM-authenticated connections could be wrongly reused for requests\nwithout any credentials set, leading to HTTP requests being sent\nover the connection authenticated as a different user. This is\nsimilar to the issue fixed in DSA-2849-1.\n\nCVE-2015-3144\nWhen parsing URLs with a zero-length hostname,\nlibcurl would try to read from an invalid memory address. This could\nallow remote attackers to cause a denial of service (crash). This\nissue only affects the upcoming stable (jessie) and unstable (sid)\ndistributions.\n\nCVE-2015-3145\nWhen parsing HTTP cookies, if the parsed cookie's path\nelement\nconsists of a single double-quote, libcurl would try to write to an\ninvalid heap memory address. This could allow remote attackers to\ncause a denial of service (crash). This issue only affects the\nupcoming stable (jessie) and unstable (sid) distributions.\n\nCVE-2015-3148\nWhen doing HTTP requests using the Negotiate authentication method\nalong with NTLM, the connection used would not be marked as\nauthenticated, making it possible to reuse it and send requests for\none user over the connection authenticated as a different user.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg:amd64\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg:i386\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy13\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:01", "description": "Several vulnerabilities were\ndiscovered in cURL, an URL transfer library:\n\nCVE-2015-3143 \nNTLM-authenticated connections could be wrongly reused for requests\nwithout any credentials set, leading to HTTP requests being sent\nover the connection authenticated as a different user. 
This is\nsimilar to the issue fixed in DSA-2849-1.\n\nCVE-2015-3144 \nWhen parsing URLs with a zero-length hostname (such as ", "cvss3": {}, "published": "2015-04-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3232-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703232", "href": "http://plugins.openvas.org/nasl.php?oid=703232", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3232.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3232-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703232);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-3143\", \"CVE-2015-3144\", \"CVE-2015-3145\", \"CVE-2015-3148\");\n script_name(\"Debian Security Advisory DSA 3232-1 (curl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-22 00:00:00 +0200 (Wed, 22 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3232.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"curl on Debian Linux\");\n script_tag(name: \"insight\", value: \"curl is a command line tool for\ntransferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER,\nHTTP, HTTPS, IMAP, IMAPS, LDAP, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS,\nTELNET and TFTP.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 7.26.0-1+wheezy13.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1.\n\nFor the unstable distribution (sid), 
these problems have been fixed in\nversion 7.42.0-1.\n\nWe recommend that you upgrade your curl packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were\ndiscovered in cURL, an URL transfer library:\n\nCVE-2015-3143 \nNTLM-authenticated connections could be wrongly reused for requests\nwithout any credentials set, leading to HTTP requests being sent\nover the connection authenticated as a different user. This is\nsimilar to the issue fixed in DSA-2849-1.\n\nCVE-2015-3144 \nWhen parsing URLs with a zero-length hostname (such as 'http://:80'),\nlibcurl would try to read from an invalid memory address. This could\nallow remote attackers to cause a denial of service (crash). This\nissue only affects the upcoming stable (jessie) and unstable (sid)\ndistributions.\n\nCVE-2015-3145 \nWhen parsing HTTP cookies, if the parsed cookie's path \nelement\nconsists of a single double-quote, libcurl would try to write to an\ninvalid heap memory address. This could allow remote attackers to\ncause a denial of service (crash). 
This issue only affects the\nupcoming stable (jessie) and unstable (sid) distributions.\n\nCVE-2015-3148 \nWhen doing HTTP requests using the Negotiate authentication method\nalong with NTLM, the connection used would not be marked as\nauthenticated, making it possible to reuse it and send requests for\none user over the connection authenticated as a different user.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg:amd64\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg:i386\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy13\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ibm": [{"lastseen": "2023-02-21T01:50:55", "description": "## Summary\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. 
\nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)** \nDESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102888>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)** \nDESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Fix Packs page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3| Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:30:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2018-06-16T21:30:39", "id": "C869EEC83BD16543720F7AAE437BAC980B3CA9305C2B781C9D9C4734959DBAD2", "href": "https://www.ibm.com/support/pages/node/266455", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T21:53:28", "description": "## Summary\n\nPowerKVM is affected by several vulnerabilities in curl. These vulnerabilities are now fixed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)** \nDESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. 
By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102888>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)** \nDESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nFix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) for v2.1 in 2.1.1 Build 65.5 and all later 2.1.1 SP3 service builds and 2.1.1 fix packs. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>) for 3.1 service build 2 or later. \n \nFor systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. 
Customers can also update from 2.1.1 (GA and later levels) by using \"yum update\".\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T01:30:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2018-06-18T01:30:31", "id": "040B6A6E818B242212561F6E4BE52B51424C0DAE007AE3654693FC77954351C9", "href": "https://www.ibm.com/support/pages/node/682131", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T21:53:31", "description": "## Summary\n\nMultiple security vulnerabilities have been discovered in curl that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)** \nDESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102888>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)** \nDESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3153_](<https://vulners.com/cve/CVE-2015-3153>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102989_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.x \nFlex System Manager 1.3.3.x \nFlex System Manager 1.3.2.x \nFlex System Manager 1.3.1.x \nFlex System Manager 1.3.0.x \nFlex System Manager 1.2.x.x \nFlex System Manager 1.1.x.x\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n**Warning**: Agents older than version 6.3.5 must be updated using the Technote listed in these Remediation plans before this FSM fix is installed or you will permanently lose contact with the endpoint with agents older than version 6.3.5 \n \n\n\nProduct | \n\nVRMF | \n\nAPAR | \n\nRemediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.x | \n\nIT12601\n\n| Verify the required Java updates have been completed, then install [fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of Technote [761981453](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>) \n \nFlex System Manager| \n\n1.3.3.x | \n\nIT12601\n\n| Verify the required Java updates have been completed, then install 
[fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of Technote [736218441](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas724cb521f58c4126286257dfd005c1958>) \n \nFlex System Manager| \n\n1.3.2.x | \n\nIT12601\n\n| Verify the required Java updates have been completed, then install [fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of Technote [736218441](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas724cb521f58c4126286257dfd005c1958>) \n \nFlex System Manager| \n\n1.3.1.x | \n\nIT12601\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.3.0.x | \n\nIT12601\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.2.x.x | \n\nIT12601\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. 
\nFlex System Manager| \n\n1.1.x.x | \n\nIT12601\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T01:30:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148", "CVE-2015-3153"], "modified": "2018-06-18T01:30:20", "id": "E549E196D67CC7F4211E92A4ACD117B096AABAEA29C3D5597F80ADA76FEC11BC", "href": "https://www.ibm.com/support/pages/node/681985", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-05T13:53:20", "description": "## Summary\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Intrusion Prevention System.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)** \nDESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. 
By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102888>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)** \nDESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3153_](<https://vulners.com/cve/CVE-2015-3153>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102989_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. 
By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nProducts: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n \nFirmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-System-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.6| [_4.6.0.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.5| 
[_4.5.0.0-ISS-ProvG-AllModels-System-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.4| [_4.4.0.0-ISS-ProvG-AllModels-System-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.3| [_4.3.0.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-02-23T19:48:26", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148", "CVE-2015-3153"], "modified": "2022-02-23T19:48:26", "id": "4C634C284BD54453EDF86F87DC5CD62853248F0BDE7951DCBDA064BBEAF116C9", "href": "https://www.ibm.com/support/pages/node/269071", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-05T13:57:45", "description": "## Summary\n\ncurl 
is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)** \nDESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102888>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)** \nDESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3153_](<https://vulners.com/cve/CVE-2015-3153>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102989_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. 
By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\n \nPower HMC V7.9.0.0 \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0 \nPower HMC V8.3.0.0 \nPower HMC V8.4.0.0 \n\n## Remediation/Fixes\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.9.0 SP2\n\n| \n\nMB03974\n\n| \n\n[Apply eFix MH01579](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.1.0 SP2\n\n| \n\nMB03975\n\n| \n\n[Apply eFix MH01580](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.1.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.2.0 SP2\n\n| \n\nMB03976\n\n| \n\n[Apply eFix MH01581](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.2.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.3.0 SP1\n\n| \n\nMB03977\n\n| \n\n[Apply eFix MH01582](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.3.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.4.0\n\n| \n\nMH01559\n\n| \n\n[Apply eFix 
MH01560](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.4.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in curl affect Power Hardware Management Console (CVE-2015-3143 CVE-2015-3148 CVE-2015-3153 CVE-2014-3613 CVE-2014-3707 CVE-2014-8150)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148", "CVE-2015-3153"], "modified": "2021-09-23T01:31:39", "id": "6267DE38B967CE58A1DEF6DF551BAD027CBFF54363ECBB40F2FC6D3AD4190A8D", "href": "https://www.ibm.com/support/pages/node/666613", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T05:51:48", "description": "## Summary\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. \n \nIBM Security Access Manager for Mobile uses NTP and is affected by multiple NTP vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. 
By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-3405_](<https://vulners.com/cve/CVE-2015-3405>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the generation of MD5 symmetric keys on big-endian systems by the ntp-keygen utility. An attacker could exploit this vulnerability using the generated MD5 keys to spoof an NTP client or server. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0 appliances, all firmware versions \nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0 - 8.0.1.3| IV80926| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-ISAM-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. 
Apply 8.0.1.3 Interim Fix 4: \n[8.0.1.3-ISS-ISAM-IF0004 ](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0.1.3&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0| IV80905| 1\\. Upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:39:29", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Mobile is affected by multiple NTP vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", 
"CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2018-06-16T21:39:29", "id": "34F17EDBCA597769CA40F522E44EB3BD8BCC8B0A10B748E6F83CC653B0977D3C", "href": "https://www.ibm.com/support/pages/node/540797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:51:52", "description": "## Summary\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. \n \nIBM Security Access Manager for Web uses NTP and is affected by multiple NTP vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-3405_](<https://vulners.com/cve/CVE-2015-3405>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the generation of MD5 symmetric keys on big-endian systems by the ntp-keygen utility. 
An attacker could exploit this vulnerability using the generated MD5 keys to spoof an NTP client or server. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 appliances, all firmware versions \nIBM Security Access Manager for Web 8.0 appliances, all firmware versions \nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 - 7.0.0.20 (appliances)| IV80982| 1\\. Apply Interim Fix 21: \n[_7.0.0-ISS-WGA-IF0021_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0 - 8.0.1.3| IV80905| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-WGA-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=All&function=all>) \n2\\. Apply 8.0.1.3 Interim Fix 4: [_8.0.1.3-ISS-WGA-IF0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0 - 9.0.0.1| IV80905| 1\\. 
For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:38:59", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2018-06-16T21:38:59", "id": "F50CE96DB370E58B2BD628B11E11E3E12AB2CD3D0E1CFF9BF168C0A973EBCF96", "href": "https://www.ibm.com/support/pages/node/538915", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2023-02-21T21:38:41", "description": "## Summary\n\n \nNTP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. \n\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100004> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N\\/AC:L\\/Au:N\\/C:N\\/I:P\\/A:N) \n\n**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100005> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N\\/AC:L\\/Au:N\\/C:P\\/I:N\\/A:N)\n\n## Affected Products and Versions\n\n \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0 \nPower HMC V8.3.0.0\n\n## Remediation/Fixes\n\n \nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV8.8.1.0 SP2\n\n| \n\nMB03938\n\n| \n\nApply eFix MH01550 \n \nPower HMC\n\n| \n\nV8.8.2.0 SP2\n\n| \n\nMB03873 \n\n| \n\nApply Service Pack 2 MH01488 \n \nPower HMC\n\n| \n\nV8.8.3.0\n\n| \n\nMB03939\n\n| \n\nApply eFix MH01551 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in NTP Affect Power Hardware Management Console (CVE-2014-9297, CVE-2014-9298)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2021-09-23T01:31:39", "id": "FE643C5E53E0FBF38EEF788AF49DA062DCF628EB606A68DD13F4560C0E90A9C7", "href": "https://www.ibm.com/support/pages/node/666381", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:51:52", "description": "## Summary\n\nIBM Security Access Manager is affected by vulnerabilities in cURL and libcURL. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager| 9.0 - 9.0.0.1| IV80969| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. 
Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:39:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in cURL and libcURL affect IBM Security Access Manager (CVE-2014-3613, CVE-2014-8150)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-8150"], "modified": "2018-06-16T21:39:01", "id": "4859A03E2D2DEA9521079F5A59E2CD0663790B832430431C8328095E4764F181", "href": "https://www.ibm.com/support/pages/node/539041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T05:51:49", "description": "## Summary\n\nIBM Security Access Manager for Mobile is affected by denial of service vulnerabilities in Net-SNMP.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0 appliances, all firmware versions \nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0 - 8.0.1.3| IV80761 \nIV80963| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-ISAM-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. 
Apply 8.0.1.3 Interim Fix 4: \n[8.0.1.3-ISS-ISAM-IF0004 ](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0.1.3&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0 - 9.0.0.1| IV80684 \nIV80945| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:39:29", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Mobile (CVE-2014-3565, CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2018-06-16T21:39:29", "id": "82F246436CF20352218C8642378C24F0FC172BB533B032A084E47DAC4081E232", "href": "https://www.ibm.com/support/pages/node/540883", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:55", "description": "## Summary\n\nIBM Security Access Manager for Web is affected by denial of service vulnerabilities in Net-SNMP. 
\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 appliances, all firmware versions \nIBM Security Access Manager for Web 8.0 appliances, all firmware versions \nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 - 7.0.0.20 (appliances)| IV80685 \nIV80984| 1\\. 
Apply Interim Fix 21: \n[_7.0.0-ISS-WGA-IF0021_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0 - 8.0.1.3| IV80684 \nIV80945| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-WGA-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=All&function=all>)** ** \n2\\. Apply 8.0.1.3 Interim Fix 4:[_8.0.1.3-ISS-WGA-IF0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0 - 9.0.0.1| IV80684 \nIV80945| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. 
Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:38:59", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2018-06-16T21:38:59", "id": "A89942FAB58AC82EB0C1EA7C23CD9F0CA0E09BB7B7B61D1626F11029ADDD61BC", "href": "https://www.ibm.com/support/pages/node/538903", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:44:57", "description": "## Summary\n\nMultiple vulnerabilities in Bind, glibc, net-snmp, spice affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5722, CVE-2015-5621, CVE-2014-3565, CVE-2014-8121, CVE-2015-3247).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5722_](<https://vulners.com/cve/CVE-2015-5722>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the exit of a validating resolver due to an assertion failure in buffer.c. By parsing a malformed DNSSEC key, a remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106089_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106089>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n \n**CVEID:** [_CVE-2015-3247_](<https://vulners.com/cve/CVE-2015-3247>)** \nDESCRIPTION:** Red Hat spice is vulnerable to a heap-based buffer overflow, caused by improper bounds checking within worker_update_monitors_config() in spice-server. A remote attacker could overflow a buffer to crash the host QEMU-KVM process. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106182_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/106182>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H) \n \n**CVEID:** [_CVE-2014-8121_](<https://vulners.com/cve/CVE-2014-8121>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102652_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102652>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2015-5621](<https://vulners.com/cve/CVE-2015-5621>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. 
A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n \n**CVEID:** [CVE-2014-3565](<https://vulners.com/cve/CVE-2014-3565>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n** IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance**\n\n## Remediation/Fixes\n\nIf you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact [_IBM support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in bind, glibc, net-snmp, spice affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2014-8121", "CVE-2015-3247", "CVE-2015-5621", "CVE-2015-5722"], "modified": "2018-06-17T22:30:13", "id": "845F645C756E501D515D3D79A4AFDD9B71567E0F6FAC37814BC4092FE127BE92", "href": "https://www.ibm.com/support/pages/node/267865", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T21:53:21", "description": "## Summary\n\nPowerKVM is affected by several vulnerabilities in Network Time Protocol (NTP). These vulnerabilities are now fixed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100004_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100004>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100005_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100005>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-9750_](<https://vulners.com/cve/CVE-2014-9750>)** \nDESCRIPTION:** NTP NTPd could allow a remote attacker to obtain sensitive information, caused by an error in ntp_crypto.c when Autokey Authentication is enabled. By sending a malformed packet, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109527_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109527>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2014-9751_](<https://vulners.com/cve/CVE-2014-9751>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the failure to properly determine whether a source IP address is an IPv6 loopback address by the read_network_packet function. By sending a specially crafted packet, an attacker could exploit this vulnerability to spoof restricted packets. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109548_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109548>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. 
\nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-3405_](<https://vulners.com/cve/CVE-2015-3405>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the generation of MD5 symmetric keys on big-endian systems by the ntp-keygen utility. An attacker could exploit this vulnerability using the generated MD5 keys to spoof an NTP client or server. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104387_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104387>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-8138_](<https://vulners.com/cve/CVE-2015-8138>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending a specially crafted packet with an origin timestamp of zero, an attacker could exploit this vulnerability to bypass the timestamp validation check. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110025_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110025>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n \nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>) for 3.1.0 service pack 1 (SP1) or later. 
\n \nFor version 2.1, the fix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) in 2.1.1 Build 65.7 and all later 2.1.1 SP3 service builds and 2.1.1 service packs. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:30:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405", "CVE-2015-8138"], "modified": "2018-06-18T01:30:44", "id": "87366B40E9156D7447CB2456B21C8ABF70E610637C7BE9F93FC7DAE990860D03", "href": "https://www.ibm.com/support/pages/node/628391", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-02-21T01:44:56", "description": "## Summary\n\nMultiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance (CVE-2014-9679, CVE-2015-1158, CVE-2015-1159, CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148,CVE-2015-1802, CVE-2015-1803, CVE-2015-1804).\n\n## Vulnerability Details\n\n[**CVEID**: CVE-2014-9679](<https://vulners.com/cve/CVE-2014-9679>) \n**DESCRIPTION:** CUPS is vulnerable to a buffer overflow, caused by an integer overflow in cupsRasterReadPixels. By persuading a victim to open a specially-crafted raster file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101014> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n**CVEID:** [_CVE-2015-1158_](<https://vulners.com/cve/CVE-2015-1158>)** \nDESCRIPTION:** Apple CUPS could allow a remote attacker to gain elevated privileges on the system, caused by the improper handling of localized strings. By sending specially crafted strings, an attacker could exploit this vulnerability to cause the admin/conf and admin access control lists to fail and gain elevated privileges on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVEID:** [_CVE-2015-1159_](<https://vulners.com/cve/CVE-2015-1159>)** \nDESCRIPTION:** Apple CUPS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the templating engine. 
A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>) \n**DESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95925> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>) \n**DESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98562> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>) \n**DESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. 
By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100567> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>) \n**DESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102888> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>) \n**DESCRIPTION:** libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102878> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2015-1802_](<https://vulners.com/cve/CVE-2015-1802>)** \nDESCRIPTION:** X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadProperties() in the property count when parsing malicious files. 
An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101608> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVEID:** [_CVE-2015-1803_](<https://vulners.com/cve/CVE-2015-1803>)** \nDESCRIPTION:** X.Org libXfont is vulnerable to a denial of service, caused by an invalid pointer in bdfReadCharacters() when parsing malicious files. A local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101609> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C) \n \n**CVEID:** [_CVE-2015-1804_](<https://vulners.com/cve/CVE-2015-1804>)** \nDESCRIPTION:** X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadCharacters() when parsing malicious files. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. 
\nCVSS Base Score: 7.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101610> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance\n\n## Remediation/Fixes\n\nIf you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact [_IBM support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159", "CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2018-06-17T22:30:13", "id": "6B90E63F56044D7852A73ED9C273A429EB3E85A179D0901F9DD542EC74189D83", "href": "https://www.ibm.com/support/pages/node/267345", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:47:29", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerabilities. 
\n \n \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-8100](<https://vulners.com/cve/CVE-2015-8100>) \n**DESCRIPTION:** OpenBSD could allow a local attacker to obtain sensitive information, caused by the use of 0644 permissions for snmpd.conf by the net-snmp package. By reading the file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107941> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2015-5621](<https://vulners.com/cve/CVE-2015-5621>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2014-3565](<https://vulners.com/cve/CVE-2014-3565>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638> for the current score\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Guardium | 10.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&fixids=SqlGuard_10.0p512_Sep-24-2018&source=SAR&function=fixId&parent=IBM%20Security \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-09-28T04:30:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621", "CVE-2015-8100"], "modified": "2018-09-28T04:30:01", "id": "D8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88", "href": "https://www.ibm.com/support/pages/node/730329", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:50:56", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in NTP used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project 
NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-3405_](<https://vulners.com/cve/CVE-2015-3405>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the generation of MD5 symmetric keys on big-endian systems by the ntp-keygen utility. An attacker could exploit this vulnerability using the generated MD5 keys to spoof an NTP client or server. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104387_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104387>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Fix Packs page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3| Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:30:32", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2018-06-16T21:30:32", "id": "247BFCDF2EA03556711B4CF4275D54CC93B20878270FEB9C93CDBCDCF022116A", "href": "https://www.ibm.com/support/pages/node/265925", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-05T06:00:03", "description": "## Summary\n\nntp is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. 
\nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-3405_](<https://vulners.com/cve/CVE-2015-3405>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the generation of MD5 symmetric keys on big-endian systems by the ntp-keygen utility. An attacker could exploit this vulnerability using the generated MD5 keys to spoof an NTP client or server. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\n \nPower HMC V7.3.0.0 (_Applicable CVEs_ \\- CVE-2015-3405, CVE-2015-1799) \nPower HMC V7.9.0.0 (_Applicable CVEs_ \\- CVE-2015-3405, CVE-2015-1799) \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0 \nPower HMC V8.3.0.0 \nPower HMC V8.4.0.0 \n\n## Remediation/Fixes\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.3.0 SP1\n\n| \n\nMB03972\n\n| \n\n[Apply eFix MH01547](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.3.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV7.7.9.0 SP2\n\n| \n\nMB03974\n\n| \n\n[Apply eFix MH01579](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.1.0 SP2\n\n| \n\nMB03975\n\n| \n\n[Apply eFix 
MH01580](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.1.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.2.0 SP2\n\n| \n\nMB03976\n\n| \n\n[Apply eFix MH01581](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.2.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.3.0 SP1\n\n| \n\nMB03977\n\n| \n\n[Apply eFix MH01574](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.3.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.4.0\n\n| \n\nMH01559\n\n| \n\n[Apply eFix MH01560](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.4.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-1798 CVE-2015-1799 CVE-2015-3405)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-09-23T01:31:39", "id": "AB17D322C4BB2B46D442D900C498EC353D5CA49885073C855E7528ADFFD7BEB0", "href": "https://www.ibm.com/support/pages/node/666603", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:39:24", "description": "## Summary\n\nThe IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-9293_](<https://vulners.com/cve/CVE-2014-9293>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could provide weaker than expected security, caused by the improper generation of a key by the config_auth function when an auth key is not configured. A remote attacker could exploit this vulnerability using brute force techniques to guess the generated key. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99576_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99576>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-9294_](<https://vulners.com/cve/CVE-2014-9294>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could provide weaker than expected security, caused by the use of a weak RNG seed by ntp-keygen.c. A remote attacker could exploit this vulnerability using brute force techniques to defeat cryptographic protection mechanisms. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99577_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99577>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-9295_](<https://vulners.com/cve/CVE-2014-9295>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to multiple stack-based buffer overflows, caused by improper bounds checking by ntpd. By sending specially-crafted packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99578_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99578>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVEID:** [_CVE-2014-9296_](<https://vulners.com/cve/CVE-2014-9296>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by the continual execution of the receive function after detecting an error. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99579_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99579>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. 
An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100004_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100004>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100005_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100005>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \n** \n**DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. 
\n \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM Smart Analytics System 7600 \nIBM Smart Analytics System 7700 \nIBM Smart Analytics System 7710 \nIBM PureData System for Operational Analytics V1.0 (A1791) \nIBM PureData System for Operational Analytics V1.1 (A1801)\n\n## Remediation/Fixes\n\nFor each affected component in the table, download the recommended fix, and install using the link in the **Installation instructions** column. \n \nFor more information about IBM IDs, see the [Help and FAQ](<https://www.ibm.com/account/profile/us?page=faqhelp>). \n \n\n\nIBM Smart Analytics System 7600 \n--- \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation Instructions** \nIBM AIX NTPv3| Install Interim Fix IV74261s5a.150714.epkg.Z| [Security Bulletin: Vulnerability in NTPv3 affects AIX](<http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc>) \nIBM Power Hardware Management Console (HMC) V7 R7.9.0| Update to V7 R7.9.0 SP1 and install fix MH01512| [IBM Fix Central: MH01512](<http://www.ibm.com/support/fixcentral/main/quickorder?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \nJuniper EX4200| Update to 12.3R9| [Juniper EX4200: 12.3R9](<http://www.juniper.net/support/downloads/?p=ex4200#sw>)| [Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series 
Switches](<http://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/topic-69605.html#rn-junos-ex-upgrade-downgrade>) \n**IBM Smart Analytics System 7700 and 7710** \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation Instructions** \nIBM AIX NTPv3| Install Interim Fix IV74261s5a.150714.epkg.Z| [Security Bulletin: Vulnerability in NTPv3 affects AIX](<http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc>) \nIBM Power Hardware Management Console (HMC) V7 R7.9.0| Update to V7 R7.9.0 SP1 and install fix MH01512| [IBM Fix Central: MH01512](<http://www.ibm.com/support/fixcentral/main/quickorder?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \nJuniper EX4200 and EX4500 Switches| Update to 12.3R9| [Juniper EX4200: 12.3R9](<http://www.juniper.net/support/downloads/?p=ex4200#sw>) \n \n[Juniper EX4500: 12.3R9](<http://www.juniper.net/support/downloads/?p=ex4500#sw>)| [Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches](<http://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/topic-69605.html#rn-junos-ex-upgrade-downgrade>) \n**IBM PureData System for Operational Analytics V1.0 (A1791)**** and ****V1.1 (A1801)** \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation Instructions** \nIBM AIX NTPv3| Install Interim Fix IV74261s5a.150714.epkg.Z| [Security Bulletin: Vulnerability in NTPv3 affects AIX](<http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc>) \nIBM Power Hardware Management Console (HMC) V8 R8.1.0| Update to V8 R8.1.0 SP2 and install fix MH01550| [IBM Fix Central: 
MH01550](<http://www.ibm.com/support/fixcentral/main/quickorder?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.1.0&platform=All&function=all&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \n \n**For assistance, contact IBM Support:**\n\n * In the United States and Canada dial **1-800-IBM-SERV**\n * View the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States. \n * Electronically [open a Service Request](<http://www.ibm.com/software/data/db2/support/db2_9/probsub.html>) with IBM Support.\n\n## ", "cvss3": {}, "published": "2019-10-18T03:50:04", "type": "ibm", "title": "Security Bulletin: IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9293", "CVE-2014-9294", "CVE-2014-9295", "CVE-2014-9296", "CVE-2014-9297", "CVE-2014-9298", "CVE-2015-1799"], "modified": "2019-10-18T03:50:04", "id": "A4A4F68247E34060CF99010985E8950767AA036049D18C92754BC1F861E71488", "href": "https://www.ibm.com/support/pages/node/266037", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:52:45", "description": "## Summary\n\nThere are multiple vulnerabilities in ntp that is used by IBM 
Flex System Manager.\n\n## Vulnerability Details\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2014-9293](<https://vulners.com/cve/CVE-2014-9293>)\n\n**Description:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could provide weaker than expected security, caused by the improper generation of a key by the config_auth function when an auth key is not configured. A remote attacker could exploit this vulnerability using brute force techniques to guess the generated key.\n\nCVSS Base Score: 5.00 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/99576> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-9294](<https://vulners.com/cve/CVE-2014-9294>)\n\n**Description:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could provide weaker than expected security, caused by the use of a weak RNG seed by ntp-keygen.c. A remote attacker could exploit this vulnerability using brute force techniques to defeat cryptographic protection mechanisms.\n\nCVSS Base Score: 5.00 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/99577> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-9297](<https://vulners.com/cve/CVE-2014-9297>)\n\n**Description:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. 
An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system.\n\nCVSS Base Score: 5.00 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/100004> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-9298](<https://vulners.com/cve/CVE-2014-9298>)\n\n**Description:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information.\n\nCVSS Base Score: 5.00 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/100005](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected products and versions\n\n * Flex System Manager 1.1.x.x\n * Flex System Manager 1.2.0.x\n * Flex System Manager 1.2.1.x\n * Flex System Manager 1.3.0.x\n * Flex System Manager 1.3.1.x\n * Flex System Manager 1.3.2.x\n * Flex System Manager 1.3.3.x\n * Flex System Manager 1.3.4.x\n\n## Remediation/Fixes:\n\nProduct | VRMF | APAR | Remediation \n---|---|---|--- \nFlex System Manager | 1.3.4.x | IT07949 | [ fsmfix1.3.4.0_IT06254_IT06272_IT07949_IT10916](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/systemx/8731&fixids=fsmfix1.3.4.0_IT06254_IT06272_IT07949_IT10916>) \nFlex System Manager | 1.3.3.x | IT07949 | [ fsmfix_1.3.3.0_IT06254_IT07949](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/systemx/8731&fixids=fsmfix1.3.3.0_IT06254_IT07949>) \nFlex System Manager | 1.3.2.x | IT07949 | [ fsmfix_1.3.2.0_IT06254_IT07949](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/systemx/8731&fixids=fsmfix1.3.2.0_IT06254_IT07949>) \nFlex System Manager 
| 1.3.1.x | IT07949 | [ fsmfix_1.3.1.0_IT06254_IT07949](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/systemx/8731&fixids=fsmfix1.3.1.0_IT06254_IT07949>) \n**Warning:** This release contains other unfixed vulnerabilities. IBM recommends upgrading to FSM 1.3.4.0 and following the appropriate remediation for all vulnerabilities. \nFlex System Manager | 1.3.0.x | IT07949 | [ fsmfix_1.3.0.0_IT06254_IT07949](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/systemx/8731&fixids=fsmfix1.3.0.0_IT06254_IT07949>) \n**Warning:** This release contains other unfixed vulnerabilities. IBM recommends upgrading to FSM 1.3.4.0 and following the appropriate remediation for all vulnerabilities. \nFlex System Manager | 1.2.1.x | IT07949 | IBM is no longer providing code updates for this release, upgrade to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities. \nFlex System Manager | 1.2.0.x | IT07949 | IBM is no longer providing code updates for this release, upgrade to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities. \n \n## Workaround(s) & Mitigation(s):\n\nNone.\n\n## Reference:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n06 April 2015: Original Copy Published \n01 October 2015: Updated for version 1.3.3 \n12 October 2015: Updated for version 1.3.4\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T01:45:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM) (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9293", "CVE-2014-9294", "CVE-2014-9297", "CVE-2014-9298"], "modified": "2019-01-31T01:45:01", "id": "94561E58BB5907DB076DA0896D6CA5AE051EDB3A712949502585560DEBE608E6", "href": "https://www.ibm.com/support/pages/node/866446", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:02", "description": "## Summary\n\nWebsphere Application Server is shipped as a component of Jazz for Service Management. 
Information about the security vulnerabilities affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the below security bulletins \n \n[Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n \n[Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)](<http://www-01.ibm.com/support/docview.wss?uid=swg21966837>) \n \nfor vulnerability details and information about fixes\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version \n---|--- \nJazz for Service Management version 1.1, 1.1.1, 1.1.2| Websphere Application Server 8.5.5 Full Profile \n \n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:13:10", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2015-7450) (CVE-2015-2017)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2017", "CVE-2015-7450"], "modified": "2018-06-17T15:13:10", "id": "305CFF54D1B74278AA889780BABE7E0790314E9D321B6262C0EA59170C7721E6", "href": "https://www.ibm.com/support/pages/node/271947", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:45:47", "description": "## Summary\n\nIBM WebSphere Application Server is embedded in Tivoli Integrated Portal shipped as a component of Tivoli Network Manager IP Edition 3.8, 3.9, 4.1, 4.1.1 and 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the below security bulletins \n\n \n[_Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n[_Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21966837>) \n \nfor vulnerability details and information about fixes \n\n## Affected Products and Versions\n\n_Principal Product and Version(s)_| _Affected Supporting Product and Version_ \n---|--- \nIBM Tivoli Network Manager 3.8| Bundled the TIP version 1.1.1.x, which bundles IBM WebSphere version 6.1.0.x. \nIBM Tivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x, which bundles IBM WebSphere version 7.0.0.x. \nIBM Tivoli Network Manager 4.1 and 4.1.1| Bundled the TIP version 2.2.0.x, which bundles IBM WebSphere version 7.0.0.x. \nIBM Tivoli Network Manager 4.2| IBM Tivoli Network Manager 4.2 requires to install IBM Websphere Application Server Version 8.5.5.5 or later version separately. Users are recommended to apply IBM WebSphere version 8.5.5.5 Security Interim Fixes.. 
\n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:20:04", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server embedded in Tivoli Integrated Portal shipped with Tivoli Network Manager IP Edition (CVE-2015-7450) (CVE-2015-2017)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2017", "CVE-2015-7450"], "modified": "2018-06-17T15:20:04", "id": "9E3FCEB3C8DC76AD3152DBCC2EFEFAB5F229FFCEF4CF1D756D45190726CF3D0D", "href": "https://www.ibm.com/support/pages/node/545607", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:47:08", "description": "## Summary\n\nEmbedded version of Websphere Application Server is shipped as a component of Tivoli Integrated Portal. 
Information about the security vulnerabilities affecting Embedded version of Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the below security bulletins \n \n[Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n \n[Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)](<http://www-01.ibm.com/support/docview.wss?uid=swg21966837>) \n \nfor vulnerability details and information about fixes\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version \n---|--- \nTivoli Integrated Portal version 2.1 \nTivoli Integrated Portal version 2.2 \nTivoli Integrated Portal version 1.1.1.x \n(wherever applicable)| embedded Websphere Application Server version 7.0 \nembedded Websphere Application Server version 7.0 \nembedded Websphere Application Server version 6.1 \n(wherever applicable) \n \n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:13:10", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2015-7450) (CVE-2015-2017)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2017", "CVE-2015-7450"], "modified": "2018-06-17T15:13:10", "id": "D6EF0A354BC60FD9763CCD91736DAA8B1445C437C0A7B30389216581A9447D9D", "href": "https://www.ibm.com/support/pages/node/271931", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T05:55:21", "description": "## Summary\n\nAn Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Tivoli Storage Productivity Center and IBM Spectrum Control.\n\n## Vulnerability Details\n\n**CVEID:**[](<https://vulners.com/cve/CVE-2015-7450>) [CVE-2015-7450](<https://vulners.com/cve/CVE-2015-7450>) \n**DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107918> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Spectrum Control 5.2.9 \nTivoli Storage Productivity Center 5.2.0 through 5.2.7 \nTivoli Storage Productivity Center 5.1.0 through 5.1.1.9 \n \nTivoli Storage Productivity Center 4.x and 3.x are not affected. \nIBM Spectrum Control 5.2.8 is not affected. 
\n \n*** Important:** Although IBM Spectrum Control 5.2.8 is not affected by this vulnerability, if you have applied version 5.2.9, the vulnerability has been re-introduced and must be remediated.\n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control or Tivoli Storage Productivity Center fix maintenance for each named product and execute the manual steps listed below. \n \nIf you cannot upgrade to a fixed level of IBM Spectrum Control or Tivoli Storage Productivity Center, you can follow a procedure to apply an IBM WebSphere Application Server interim fix to your existing server as a mitigation noted here. \n\n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n \n \n**_IBM Spectrum Control 5.2.x and Tivoli Storage Productivity Center V5.2.x_** \n \n\n\n**Affected Version** | **APAR** | **Fixed Version** | **Availability** \n---|---|---|--- \n5.2.0 - 5.2.7| IT14418| 5.2.8** ***| December 2015 \n5.2.9** ***| IT15009| 5.2.10| May 2016 \n*** Important:** This vulnerability is not resolved in IBM Spectrum Control 5.2.9, even if you previously applied IBM Spectrum Control 5.2.8. \n \nApply fix maintenance as soon as practicable. (See [_Latest Downloads_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>)) \n\n\n \n \n**_Tivoli Storage Productivity Center V5.1.x_** \n \n\n\n**Affected Version** | **APAR** | **Fixed Version** | **Availability** \n---|---|---|--- \n5.1.x| IT14418| 5.1.1.10 \n \nManual update steps are required in addition to applying 5.1.1.10. See steps below this table.| April 2016 \nApply fix maintenance as soon as practicable. (See [_Latest Downloads_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>)) \n \nThese manual steps are required in addition to applying the V5.1.1.10 fixpack. 
\n \nTivoli Storage Productivity Center 5.1.x embeds Tivoli Integrated Portal 2.2 which embeds Websphere Application Server 7.0 and requires the corresponding fix below. Follow these steps to apply the fix: \n\n\n1\\. Download Websphere iFix PI52103 for WAS 7.0.0.0 (7.0.0.0-WS-WAS-IFPI52103) \n<http://www-01.ibm.com/support/docview.wss?uid=swg24041257> \n \n2\\. Apply the WebSphere Application Server 7.0 ifix PI52103 to Tivoli Integrated Portal using the preinstalled WAS Update Installer \n \n_On Windows, the default location for WAS Update Installer is:_ \n[TPC_Install_Location]\\IBM\\tipv2\\WebSphereUpdateInstallerV7\\ \n \n**Reference:** [Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2015-7450) (CVE-2015-2017)](<http://www.ibm.com/support/docview.wss?uid=swg21971089>)\n\n## Workarounds and Mitigations\n\n \nApplying IBM WebSphere Application Server interim fix PI52103 is an alternate option to mitigate the vulnerability if you cannot move up to a fixed level as noted in the table above. For more information, review the Websphere Application Server security bulletin: <http://www-01.ibm.com/support/docview.wss?uid=swg21970575>\n\n**Note:** Prior to applying the WebSphere Application Server interim fix, ensure Tivoli Storage Productivity Center is at the latest maintenance level -- 5.1.1.9, 5.2.7 or 5.2.9. If you later upgrade to a version of Tivoli Storage Productivity Center that does not contain a fix, you will need to perform this mitigation again. (See [_Latest Downloads_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>)) \n\n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n**Procedure for mitigation of IBM Spectrum Control 5.2.9 and Tivoli Storage Productivity Center 5.2.x and 5.1.1.x:**\n\n1\\. 
Download Websphere iFix PI52103 for Websphere Application Server 8.0.0.0 (8.0.0.0-WS-WAS-IFPI52103) from this location: [http://www.ibm.com/support/docview.wss?uid=swg24041257](<http://www-01.ibm.com/support/docview.wss?uid=swg24041257>)\n\n2\\. If IBM Installation Manager is not yet installed on the IBM Spectrum Control or Tivoli Storage Productivity server system, download and install IBM Installation Manager. It is recommended to use the latest version -- currently 1.8.3, available here: [_http://www.ibm.com/support/docview.wss?uid=swg24039631_](<http://www-01.ibm.com/support/docview.wss?uid=swg24039631>)\n\n3\\. Launch IBM Installation Manager from the command line, specifying the IMData directory. The following is an example for Windows: \n\n\n \nIBMIM.exe -dataLocation <TPC_dir>\\IMData \n\nwhere TPC_dir might be \\Program Files\\IBM\\TPC\n\n \n4\\. From the IBM Installation Manager UI: \n\n \na. Select 'File' -> 'Preferences' \n\nb. Click on 'Add repository'\n\nc. Select the directory containing the WAS iFix. Press 'OK'\n\nd. Choose the 'Update' icon\n\ne. Select WAS iFix PI52103 and press 'Next'\n\nf. Verify the pre-installation summary is correct and select 'Update'\n\n \n \n**Additional procedure for mitigation of Tivoli Integrated Portal used by Tivoli Storage Productivity Center 5.1.1.x only:** \n \nTivoli Storage Productivity Center 5.1.x embeds Tivoli Integrated Portal 2.2 which embeds Websphere Application Server 7.0 and requires the corresponding fix below. Follow these steps to apply the fix: \n \n1\\. Download Websphere iFix PI52103 for WAS 7.0.0.0 (7.0.0.0-WS-WAS-IFPI52103) \n[http://www.ibm.com/support/docview.wss?uid=swg24041257](<http://www-01.ibm.com/support/docview.wss?uid=swg24041257>) \n \n2\\. 
Apply the WebSphere Application Server 7.0 ifix PI52103 to Tivoli Integrated Portal using the preinstalled WAS Update Installer \n \n_On Windows, the default location for WAS Update Installer is:_ \n[TPC_Install_Location]\\IBM\\tipv2\\WebSphereUpdateInstallerV7\\ \n \n**Reference:** [Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2015-7450) (CVE-2015-2017)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971089>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T19:27:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons affects Tivoli Storage Productivity Center and IBM Spectrum Control (CVE-2015-7450)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2017", "CVE-2015-7450"], "modified": "2022-02-22T19:27:34", "id": "1696E1D8792540E46785AF5C86F8AD0F77D5F716A56F15223E99344280FB380A", "href": "https://www.ibm.com/support/pages/node/273075", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:50", "description": 
"[7.29.0-25.0.1]\n- disable check to make build pass\n[7.29.0-25]\n- fix spurious failure of test 1500 on ppc64le (#1218272)\n[7.29.0-24]\n- use the default min/max TLS version provided by NSS (#1170339)\n- improve handling of timeouts and blocking direction to speed up FTP (#1218272)\n[7.29.0-23]\n- require credentials to match for NTLM re-use (CVE-2015-3143)\n- close Negotiate connections when done (CVE-2015-3148)\n[7.29.0-22]\n- reject CRLFs in URLs passed to proxy (CVE-2014-8150)\n[7.29.0-21]\n- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)\n- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)\n[7.29.0-20]\n- eliminate unnecessary delay when resolving host from /etc/hosts (#1130239)\n- allow to enable/disable new AES cipher-suites (#1066065)\n- call PR_Cleanup() on curl tool exit if NSPR is used (#1071254)\n- implement non-blocking TLS handshake (#1091429)\n- fix limited connection re-use for unencrypted HTTP (#1101092)\n- disable libcurl-level downgrade to SSLv3 (#1154060)\n- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161182)\n- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1166264)", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "oraclelinux", "title": "curl security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2159", "href": "http://linux.oracle.com/errata/ELSA-2015-2159.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-05-13T09:23:46", "description": "[7.19.7-46]\n- require credentials to match for NTLM re-use (CVE-2015-3143)\n- close Negotiate connections when done (CVE-2015-3148)\n[7.19.7-45]\n- reject CRLFs in URLs passed to proxy (CVE-2014-8150)\n[7.19.7-44]\n- use only full matches for hosts used as IP address in cookies 
(CVE-2014-3613)\n- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)\n[7.19.7-43]\n- fix manpage typos found using aspell (#1011101)\n- fix comments about loading CA certs with NSS in man pages (#1011083)\n- fix handling of DNS cache timeout while a transfer is in progress (#835898)\n- eliminate unnecessary inotify events on upload via file protocol (#883002)\n- use correct socket type in the examples (#997185)\n- do not crash if MD5 fingerprint is not provided by libssh2 (#1008178)\n- fix SIGSEGV of curl --retry when network is down (#1009455)\n- allow to use TLS 1.1 and TLS 1.2 (#1012136)\n- docs: update the links to cipher-suites supported by NSS (#1104160)\n- allow to use ECC ciphers if NSS implements them (#1058767)\n- make curl --trace-time print correct time (#1120196)\n- let tool call PR_Cleanup() on exit if NSPR is used (#1146528)\n- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747)\n- allow to enable/disable new AES cipher-suites (#1156422)\n- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163)\n- disable libcurl-level downgrade to SSLv3 (#1154059)\n[7.19.7-42]\n- do not force connection close after failed HEAD request (#1168137)\n- fix occasional SIGSEGV during SSL handshake (#1168668)\n[7.19.7-41]\n- fix a connection failure when FTPS handle is reused (#1154663)", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "oraclelinux", "title": "curl security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-07-28T00:00:00", "id": "ELSA-2015-1254", "href": "http://linux.oracle.com/errata/ELSA-2015-1254.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-05-13T09:23:32", "description": "[4.2.6p5-5]\n- reject packets without MAC when authentication is enabled (CVE-2015-1798)\n- protect symmetric associations with 
symmetric key against DoS attack\n (CVE-2015-1799)\n- fix generation of MD5 keys with ntp-keygen on big-endian systems\n (CVE-2015-3405)\n- log when stepping clock for leap second or ignoring it with -x (#1204625)\n[4.2.6p5-4]\n- fix typos in ntpd man page (#1194463)", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "oraclelinux", "title": "ntp security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2015-07-28T00:00:00", "id": "ELSA-2015-1459", "href": "http://linux.oracle.com/errata/ELSA-2015-1459.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-06-04T20:20:44", "description": "[4.2.6p5-22]\n- check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)\n- allow only one step larger than panic threshold with -g (CVE-2015-5300)\n[4.2.6p5-20]\n- validate lengths of values in extension fields (CVE-2014-9297)\n- drop packets with spoofed source address ::1 (CVE-2014-9298)\n- reject packets without MAC when authentication is enabled (CVE-2015-1798)\n- protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799)\n- fix generation of MD5 keys with ntp-keygen on big-endian systems (CVE-2015-3405)\n- add option to set Differentiated Services Code Point (DSCP) (#1202828)\n- add nanosecond support to SHM refclock (#1117702)\n- allow creating all SHM segments with owner-only access (#1122012)\n- allow different thresholds for forward and backward step (#1193154)\n- allow symmetric keys up to 32 bytes again (#1191111)\n- don't step clock for leap second with -x option (#1191122)\n- don't drop packets with source port below 123 (#1171640)\n- retry joining multicast groups (#1207014)\n- increase memlock limit again (#1053569)\n- warn when monitor can't be disabled due to limited restrict (#1191108)\n- use larger RSA exponent in ntp-keygen (#1191116)\n- fix 
crash in ntpq mreadvar command (#1180721)\n- move sntp kod database to allow SELinux labeling (#1082934)\n- fix typos in ntpd man page (#1195211)\n- improve documentation of restrict command (#1213953)", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "oraclelinux", "title": "ntp security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405", "CVE-2015-5300", "CVE-2015-7704"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2231", "href": "http://linux.oracle.com/errata/ELSA-2015-2231.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:17:40", "description": "Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. 
(CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSL 3.0 through the libcurl API. (BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.\nYou can explicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time to complete. Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers. (BZ#1218272)\n\nEnhancements :\n\n* With the updated packages, it is possible to explicitly enable or disable new Advanced Encryption Standard (AES) cipher suites to be used for the TLS protocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. 
The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations.\nSome actions, such as resolving a host name using /etc/hosts, took a long time to complete. The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs. (BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : curl (RHSA-2015:2159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-2159.NASL", "href": "https://www.tenable.com/plugins/nessus/86934", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2159. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86934);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_xref(name:\"RHSA\", value:\"2015:2159\");\n\n script_name(english:\"RHEL 7 : curl (RHSA-2015:2159)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. 
(CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request\nor construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate-authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these\nissues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL\nversion. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSL 3.0 through the libcurl\nAPI. (BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.\nYou can explicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long\ntime to complete. Now, the FTP implementation in libcurl correctly\nsets blocking direction and estimated timeout for connections,\nresulting in faster FTP transfers. (BZ#1218272)\n\nEnhancements :\n\n* With the updated packages, it is possible to explicitly enable or\ndisable new Advanced Encryption Standard (AES) cipher suites to be\nused for the TLS protocol. 
(BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake,\nwhich negatively affected performance of applications based on the\nlibcurl multi API. The non-blocking SSL handshake has been implemented\nin libcurl, and the libcurl multi API now immediately returns the\ncontrol back to the application whenever it cannot read or write data\nfrom or to the underlying network socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for\nactions with no active file descriptors, even for short operations.\nSome actions, such as resolving a host name using /etc/hosts, took a\nlong time to complete. The blocking code in libcurl has been modified\nso that the initial delay is short and gradually increases until an\nevent occurs. (BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3148\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2159\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"curl-7.29.0-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"curl-debuginfo-7.29.0-25.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", reference:\"libcurl-7.29.0-25.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-devel-7.29.0-25.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:07", "description": "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotatiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specifc way, certain requests to a previously NTLM-authenticated server could appears as sent by the wrong authenticated user. 
Additionally, the initial set of credentials for HTTP Negotiate- authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nBug fixes :\n\n - An out-of-protocol fallback to SSL 3.0 was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSL 3.0 through the libcurl API.\n\n - TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can explicitly disable them through the libcurl API.\n\n - FTP operations such as downloading files took a significantly long time to complete. Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers.\n\nEnhancements :\n\n - With the updated packages, it is possible to explicitly enable or disable new Advanced Encryption Standard (AES) cipher suites to be used for the TLS protocol.\n\n - The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket.\n\n - The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations. Some actions, such as resolving a host name using /etc/hosts, took a long time to complete. 
The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs.", "cvss3": {}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : curl on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:curl", "p-cpe:/a:fermilab:scientific_linux:curl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libcurl", "p-cpe:/a:fermilab:scientific_linux:libcurl-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_CURL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87554);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. 
(CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request\nor construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate- authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. (CVE-2015-3143, CVE-2015-3148)\n\nBug fixes :\n\n - An out-of-protocol fallback to SSL 3.0 was available\n with libcurl. Attackers could abuse the fallback to\n force downgrade of the SSL version. The fallback has\n been removed from libcurl. Users requiring this\n functionality can explicitly enable SSL 3.0 through the\n libcurl API.\n\n - TLS 1.1 and TLS 1.2 are no longer disabled by default in\n libcurl. You can explicitly disable them through the\n libcurl API.\n\n - FTP operations such as downloading files took a\n significantly long time to complete. 
Now, the FTP\n implementation in libcurl correctly sets blocking\n direction and estimated timeout for connections,\n resulting in faster FTP transfers.\n\nEnhancements :\n\n - With the updated packages, it is possible to explicitly\n enable or disable new Advanced Encryption Standard (AES)\n cipher suites to be used for the TLS protocol.\n\n - The libcurl library did not implement a non-blocking SSL\n handshake, which negatively affected performance of\n applications based on the libcurl multi API. The\n non-blocking SSL handshake has been implemented in\n libcurl, and the libcurl multi API now immediately\n returns the control back to the application whenever it\n cannot read or write data from or to the underlying\n network socket.\n\n - The libcurl library used an unnecessarily long blocking\n delay for actions with no active file descriptors, even\n for short operations. Some actions, such as resolving a\n host name using /etc/hosts, took a long time to\n complete. The blocking code in libcurl has been modified\n so that the initial delay is short and gradually\n increases until an event occurs.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=14587\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f59fa770\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.29.0-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-25.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-25.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:03", "description": "Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. 
An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appears as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSL 3.0 through the libcurl API. (BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.\nYou can explicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time to complete. 
Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers. (BZ#1218272)\n\nEnhancements :\n\n* With the updated packages, it is possible to explicitly enable or disable new Advanced Encryption Standard (AES) cipher suites to be used for the TLS protocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations.\nSome actions, such as resolving a host name using /etc/hosts, took a long time to complete. The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs. 
(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-12-02T00:00:00", "type": "nessus", "title": "CentOS 7 : curl (CESA-2015:2159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2159.NASL", "href": "https://www.tenable.com/plugins/nessus/87138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2159 and \n# CentOS Errata and Security Advisory 2015:2159 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87138);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_xref(name:\"RHSA\", value:\"2015:2159\");\n\n script_name(english:\"CentOS 7 : curl (CESA-2015:2159)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request\nor construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate-authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. 
(CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these\nissues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL\nversion. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSL 3.0 through the libcurl\nAPI. (BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.\nYou can explicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long\ntime to complete. Now, the FTP implementation in libcurl correctly\nsets blocking direction and estimated timeout for connections,\nresulting in faster FTP transfers. (BZ#1218272)\n\nEnhancements :\n\n* With the updated packages, it is possible to explicitly enable or\ndisable new Advanced Encryption Standard (AES) cipher suites to be\nused for the TLS protocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake,\nwhich negatively affected performance of applications based on the\nlibcurl multi API. The non-blocking SSL handshake has been implemented\nin libcurl, and the libcurl multi API now immediately returns the\ncontrol back to the application whenever it cannot read or write data\nfrom or to the underlying network socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for\nactions with no active file descriptors, even for short operations.\nSome actions, such as resolving a host name using /etc/hosts, took a\nlong time to complete. The blocking code in libcurl has been modified\nso that the initial delay is short and gradually increases until an\nevent occurs. 
(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002182.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd440567\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3613\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"curl-7.29.0-25.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-25.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-25.el7.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' 
+\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:35", "description": "Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. 
(CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the '--retry' option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding '--retry' no longer causes curl to crash. (BZ#1009455)\n\n* The 'curl --trace-time' command did not use the correct local time when printing timestamps. Now, 'curl --trace-time' works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks.
(BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid.\n(BZ#1161163)\n\nEnhancements :\n\n* The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The '--tlsv1' option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "CentOS 6 : curl (CESA-2015:1254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-1254.NASL", "href": "https://www.tenable.com/plugins/nessus/85009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1254 and \n# CentOS Errata and Security Advisory 2015:1254 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85009);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_bugtraq_id(69748, 70988, 71964, 74299, 74301);\n 
script_xref(name:\"RHSA\", value:\"2015:1254\");\n\n script_name(english:\"CentOS 6 : curl (CESA-2015:1254)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an\nHTTP proxy could use this flaw to inject additional headers to the\nrequest or construct additional requests. 
(CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate-authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these\nissues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was\navailable with libcurl. Attackers could abuse the fallback to force\ndowngrade of the SSL version. The fallback has been removed from\nlibcurl. Users requiring this functionality can explicitly enable\nSSLv3.0 through the libcurl API. (BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the\ndestination file twice. If the inotify kernel subsystem monitored the\nfile, two events were produced unnecessarily. The file is now opened\nonly once per upload. (BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the '--retry' option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding\n'--retry' no longer causes curl to crash. (BZ#1009455)\n\n* The 'curl --trace-time' command did not use the correct local time\nwhen printing timestamps. Now, 'curl --trace-time' works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks\non curl exit. Now, curl performs a global shutdown of the NetScape\nPortable Runtime (NSPR) library on exit, and valgrind no longer\nreports the memory leaks. 
(BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own\nheaders to the HTTP response. Now, the returned value is valid.\n(BZ#1161163)\n\nEnhancements :\n\n* The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available\nfor specifying the minor version of the TLS protocol to be negotiated\nby NSS. The '--tlsv1' option now negotiates the highest version of the\nTLS protocol supported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the\nnew AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-July/002018.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c96865b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3613\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"curl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libcurl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libcurl-devel-7.19.7-46.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:42", "description": "From Red Hat Security Advisory 2015:2159 :\n\nUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified.
(CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSL 3.0 through the libcurl API. (BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.\nYou can explicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time to complete. Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers. (BZ#1218272)\n\nEnhancements :\n\n* With the updated packages, it is possible to explicitly enable or disable new Advanced Encryption Standard (AES) cipher suites to be used for the TLS protocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations.\nSome actions, such as resolving a host name using /etc/hosts, took a long time to complete. The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs. 
(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : curl (ELSA-2015-2159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2159.NASL", "href": "https://www.tenable.com/plugins/nessus/87028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2159 and \n# Oracle Linux Security Advisory ELSA-2015-2159 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87028);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_xref(name:\"RHSA\", value:\"2015:2159\");\n\n script_name(english:\"Oracle Linux 7 : curl (ELSA-2015-2159)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2159 :\n\nUpdated curl packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request\nor construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate-authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. 
(CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these\nissues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL\nversion. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSL 3.0 through the libcurl\nAPI. (BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.\nYou can explicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long\ntime to complete. Now, the FTP implementation in libcurl correctly\nsets blocking direction and estimated timeout for connections,\nresulting in faster FTP transfers. (BZ#1218272)\n\nEnhancements :\n\n* With the updated packages, it is possible to explicitly enable or\ndisable new Advanced Encryption Standard (AES) cipher suites to be\nused for the TLS protocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake,\nwhich negatively affected performance of applications based on the\nlibcurl multi API. The non-blocking SSL handshake has been implemented\nin libcurl, and the libcurl multi API now immediately returns the\ncontrol back to the application whenever it cannot read or write data\nfrom or to the underlying network socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for\nactions with no active file descriptors, even for short operations.\nSome actions, such as resolving a host name using /etc/hosts, took a\nlong time to complete. The blocking code in libcurl has been modified\nso that the initial delay is short and gradually increases until an\nevent occurs. 
(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005564.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-25.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-25.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-25.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:15:39", "description": "Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. 
If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the '--retry' option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding '--retry' no longer causes curl to crash. (BZ#1009455)\n\n* The 'curl --trace-time' command did not use the correct local time when printing timestamps. Now, 'curl --trace-time' works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response.
Now, the returned value is valid.\n(BZ#1161163)\n\nEnhancements :\n\n* The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The '--tlsv1' option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "nessus", "title": "RHEL 6 : curl (RHSA-2015:1254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1254.NASL", "href": "https://www.tenable.com/plugins/nessus/84912", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1254. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84912);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_bugtraq_id(69748, 70988, 71964, 74299, 74301);\n script_xref(name:\"RHSA\", value:\"2015:1254\");\n\n script_name(english:\"RHEL 6 : curl (RHSA-2015:1254)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated curl packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. 
(CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an\nHTTP proxy could use this flaw to inject additional headers to the\nrequest or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate-authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these\nissues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was\navailable with libcurl. Attackers could abuse the fallback to force\ndowngrade of the SSL version. The fallback has been removed from\nlibcurl. Users requiring this functionality can explicitly enable\nSSLv3.0 through the libcurl API. (BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the\ndestination file twice. If the inotify kernel subsystem monitored the\nfile, two events were produced unnecessarily. The file is now opened\nonly once per upload. (BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the '--retry' option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding\n'--retry' no longer causes curl to crash. (BZ#1009455)\n\n* The 'curl --trace-time' command did not use the correct local time\nwhen printing timestamps. 
Now, 'curl --trace-time' works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks\non curl exit. Now, curl performs a global shutdown of the NetScape\nPortable Runtime (NSPR) library on exit, and valgrind no longer\nreports the memory leaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own\nheaders to the HTTP response. Now, the returned value is valid.\n(BZ#1161163)\n\nEnhancements :\n\n* The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available\nfor specifying the minor version of the TLS protocol to be negotiated\nby NSS. The '--tlsv1' option now negotiates the highest version of the\nTLS protocol supported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the\nnew AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3148\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1254\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"curl-7.19.7-46.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"curl-7.19.7-46.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"curl-7.19.7-46.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"curl-debuginfo-7.19.7-46.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-7.19.7-46.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-devel-7.19.7-46.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:16:00", "description": "From Red Hat Security Advisory 2015:1254 :\n\nUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. 
(CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the '--retry' option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding '--retry' no longer causes curl to crash. (BZ#1009455)\n\n* The 'curl --trace-time' command did not use the correct local time when printing timestamps. 
Now, 'curl --trace-time' works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid.\n(BZ#1161163)\n\nEnhancements :\n\n* The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The '--tlsv1' option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : curl (ELSA-2015-1254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-1254.NASL", "href": "https://www.tenable.com/plugins/nessus/85096", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1254 and \n# Oracle Linux Security Advisory ELSA-2015-1254 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(85096);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_bugtraq_id(69748, 70988, 71964, 74299, 74301);\n script_xref(name:\"RHSA\", value:\"2015:1254\");\n\n script_name(english:\"Oracle Linux 6 : curl (ELSA-2015-1254)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1254 :\n\nUpdated curl packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. 
(CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an\nHTTP proxy could use this flaw to inject additional headers to the\nrequest or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specific way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate-authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. (CVE-2015-3143, CVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these\nissues.\n\nBug fixes :\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was\navailable with libcurl. Attackers could abuse the fallback to force\ndowngrade of the SSL version. The fallback has been removed from\nlibcurl. Users requiring this functionality can explicitly enable\nSSLv3.0 through the libcurl API. (BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the\ndestination file twice. If the inotify kernel subsystem monitored the\nfile, two events were produced unnecessarily. The file is now opened\nonly once per upload. (BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the '--retry' option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding\n'--retry' no longer causes curl to crash. (BZ#1009455)\n\n* The 'curl --trace-time' command did not use the correct local time\nwhen printing timestamps. 
Now, 'curl --trace-time' works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks\non curl exit. Now, curl performs a global shutdown of the NetScape\nPortable Runtime (NSPR) library on exit, and valgrind no longer\nreports the memory leaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own\nheaders to the HTTP response. Now, the returned value is valid.\n(BZ#1161163)\n\nEnhancements :\n\n* The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available\nfor specifying the minor version of the TLS protocol to be negotiated\nby NSS. The '--tlsv1' option now negotiates the highest version of the\nTLS protocol supported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the\nnew AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005229.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"curl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-devel-7.19.7-46.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:25", "description": "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. 
An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and Negotiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specific way, certain requests to a previously NTLM-authenticated server could appear as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)\n\nBug fixes :\n\n - An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API.\n\n - A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload.\n\n - Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode.\n\n - Using the '--retry' option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding '--retry' no longer causes curl to crash.\n\n - The 'curl --trace-time' command did not use the correct local time when printing timestamps. Now, 'curl\n --trace-time' works as expected.\n\n - The valgrind utility could report dynamically allocated memory leaks on curl exit. 
Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks.\n\n - Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid.\n\nEnhancements :\n\n - The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The '--tlsv1' option now negotiates the highest version of the TLS protocol supported by both the client and the server.\n\n - It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS.", "cvss3": {}, "published": "2015-08-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:curl", "p-cpe:/a:fermilab:scientific_linux:curl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libcurl", "p-cpe:/a:fermilab:scientific_linux:libcurl-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150722_CURL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85191);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker\nable to trick a user into connecting to a malicious server could use\nthis flaw to set the user's cookie to a crafted domain, making other\ncookie-related issues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the\nduplication of connection handles. If an application set the\nCURLOPT_COPYPOSTFIELDS option for a handle, using the handle's\nduplicate could cause the application to crash or disclose a portion\nof its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle\nURLs with embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an\nHTTP proxy could use this flaw to inject additional headers to the\nrequest or construct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the\nwrong authenticated user. Additionally, the initial set of credentials\nfor HTTP Negotiate- authenticated requests could be reused in\nsubsequent requests, although a different set of credentials was\nspecified. (CVE-2015-3143, CVE-2015-3148)\n\nBug fixes :\n\n - An out-of-protocol fallback to SSL version 3.0 (SSLv3.0)\n was available with libcurl. Attackers could abuse the\n fallback to force downgrade of the SSL version. 
The\n fallback has been removed from libcurl. Users requiring\n this functionality can explicitly enable SSLv3.0 through\n the libcurl API.\n\n - A single upload transfer through the FILE protocol\n opened the destination file twice. If the inotify kernel\n subsystem monitored the file, two events were produced\n unnecessarily. The file is now opened only once per\n upload.\n\n - Utilities using libcurl for SCP/SFTP transfers could\n terminate unexpectedly when the system was running in\n FIPS mode.\n\n - Using the '--retry' option with the curl utility could\n cause curl to terminate unexpectedly with a segmentation\n fault. Now, adding '--retry' no longer causes curl to\n crash.\n\n - The 'curl --trace-time' command did not use the correct\n local time when printing timestamps. Now, 'curl\n --trace-time' works as expected.\n\n - The valgrind utility could report dynamically allocated\n memory leaks on curl exit. Now, curl performs a global\n shutdown of the NetScape Portable Runtime (NSPR) library\n on exit, and valgrind no longer reports the memory\n leaks.\n\n - Previously, libcurl returned an incorrect value of the\n CURLINFO_HEADER_SIZE field when a proxy server appended\n its own headers to the HTTP response. Now, the returned\n value is valid.\n\nEnhancements :\n\n - The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options\n are available for specifying the minor version of the\n TLS protocol to be negotiated by NSS. 
The '--tlsv1'\n option now negotiates the highest version of the TLS\n protocol supported by both the client and the server.\n\n - It is now possible to explicitly enable or disable the\n ECC and the new AES cipher suites to be used for TLS.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=7212\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f2dedc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"curl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"curl-debuginfo-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-devel-7.19.7-46.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:52", 
"description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - reject packets without MAC when authentication is enabled (CVE-2015-1798)\n\n - protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799)\n\n - fix generation of MD5 keys with ntp-keygen on big-endian systems (CVE-2015-3405)\n\n - log when stepping clock for leap second or ignoring it with -x (#1204625)\n\n - fix typos in ntpd man page (#1194463)\n\n - validate lengths of values in extension fields (CVE-2014-9297)\n\n - drop packets with spoofed source address ::1 (CVE-2014-9298)\n\n - add nanosecond support to SHM refclock (#1117704)\n\n - allow creating all SHM segments with owner-only access (#1122015)\n\n - allow symmetric keys up to 32 bytes again (#1053551)\n\n - fix calculation of root dispersion (#1045376)\n\n - fix crash in ntpq mreadvar command (#1165141)\n\n - don't step clock for leap second with -x option (#1190619)\n\n - don't drop packets with source port below 123 (#1171630)\n\n - use larger RSA exponent in ntp-keygen (#1184421)\n\n - refresh peers on routing updates (#1193850)\n\n - increase memlock limit again (#1053568)\n\n - warn when monitor can't be disabled due to limited restrict (#1166596)\n\n - improve documentation of restrict command (#1069019)\n\n - update logconfig documentation for patched default (#1193849)\n\n - don't build ntpsnmpd (#995134)", "cvss3": {}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : ntp (OVMSA-2015-0102)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntp", "p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0102.NASL", "href": "https://www.tenable.com/plugins/nessus/85143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0102.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85143);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_bugtraq_id(72583, 72584, 73950, 73951, 74045);\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"OracleVM 3.3 : ntp (OVMSA-2015-0102)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - reject packets without MAC when authentication is\n enabled (CVE-2015-1798)\n\n - protect symmetric associations with symmetric key\n against DoS attack (CVE-2015-1799)\n\n - fix generation of MD5 keys with ntp-keygen on big-endian\n systems (CVE-2015-3405)\n\n - log when stepping clock for leap second or ignoring it\n with -x (#1204625)\n\n - fix typos in ntpd man page (#1194463)\n\n - validate lengths of values in extension fields\n (CVE-2014-9297)\n\n - drop packets with spoofed source address ::1\n (CVE-2014-9298)\n\n - add nanosecond support to SHM refclock (#1117704)\n\n - allow creating all SHM segments with owner-only access\n (#1122015)\n\n - allow symmetric keys up to 32 bytes again (#1053551)\n\n - fix calculation of root dispersion (#1045376)\n\n - fix crash in ntpq mreadvar command (#1165141)\n\n - don't step clock for leap second with -x option\n (#1190619)\n\n - don't drop packets with source port below 123 (#1171630)\n\n - use larger RSA exponent in ntp-keygen 
(#1184421)\n\n - refresh peers on routing updates (#1193850)\n\n - increase memlock limit again (#1053568)\n\n - warn when monitor can't be disabled due to limited\n restrict (#1166596)\n\n - improve documentation of restrict command (#1069019)\n\n - update logconfig documentation for patched default\n (#1193849)\n\n - don't build ntpsnmpd (#995134)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-5.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:25", "description": "It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state 
variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat.\n\nBug fixes :\n\n - The ntpd daemon truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. The maximum length of keys has now been changed to 32 bytes.\n\n - The ntp-keygen utility used the exponent of 3 when generating RSA keys, and generating RSA keys failed when FIPS mode was enabled. ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected.\n\n - The ntpd daemon included a root delay when calculating its root dispersion. Consequently, the NTP server reported larger root dispersion than it should have and clients could reject the source when its distance reached the maximum synchronization distance (1.5 seconds by default). 
Calculation of root dispersion has been fixed, the root dispersion is now reported correctly, and clients no longer reject the server due to a large synchronization distance.\n\n - The ntpd daemon dropped incoming NTP packets if their source port was lower than 123 (the NTP port). Clients behind Network Address Translation (NAT) were unable to synchronize with the server if their source port was translated to ports below 123. With this update, ntpd no longer checks the source port number.\n\nEnhancements :\n\n - This update introduces configurable access of memory segments used for Shared Memory Driver (SHM) reference clocks. Previously, only the first two memory segments were created with owner-only access, allowing just two SHM reference clocks to be used securely on a system.\n Now, the owner-only access to SHM is configurable with the 'mode' option, and it is therefore possible to use more SHM reference clocks securely.\n\n - Support for nanosecond resolution has been added to the SHM reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock (for example, with the timemaster service from the linuxptp package), the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. 
The nanosecond extension in the SHM protocol now enables sub-microsecond synchronization of the system clock.", "cvss3": {}, "published": "2015-08-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20150722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ntp", "p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ntp-doc", "p-cpe:/a:fermilab:scientific_linux:ntp-perl", "p-cpe:/a:fermilab:scientific_linux:ntpdate", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150722_NTP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85203);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20150722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that because NTP's access control was based on a source\nIP address, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were\npeering with each other 
authenticated themselves before updating their\ninternal state variables. An attacker could send packets to one peer\nhost, which could cascade to other peers, and stop the synchronization\nprocess among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey\nprotocol was implemented. When an NTP client decrypted a secret\nreceived from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication\nCode (MAC) was present in a received packet when ntpd was configured\nto use symmetric cryptographic keys. A man-in-the-middle attacker\ncould use this flaw to send crafted packets that would be accepted by\na client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvr of Red Hat.\n\nBug fixes :\n\n - The ntpd daemon truncated symmetric keys specified in\n the key file to 20 bytes. As a consequence, it was\n impossible to configure NTP authentication to work with\n peers that use longer keys. The maximum length of keys\n has now been changed to 32 bytes.\n\n - The ntp-keygen utility used the exponent of 3 when\n generating RSA keys, and generating RSA keys failed when\n FIPS mode was enabled. ntp-keygen has been modified to\n use the exponent of 65537, and generating keys in FIPS\n mode now works as expected.\n\n - The ntpd daemon included a root delay when calculating\n its root dispersion. 
Consequently, the NTP server\n reported larger root dispersion than it should have and\n clients could reject the source when its distance\n reached the maximum synchronization distance (1.5\n seconds by default). Calculation of root dispersion has\n been fixed, the root dispersion is now reported\n correctly, and clients no longer reject the server due\n to a large synchronization distance.\n\n - The ntpd daemon dropped incoming NTP packets if their\n source port was lower than 123 (the NTP port). Clients\n behind Network Address Translation (NAT) were unable to\n synchronize with the server if their source port was\n translated to ports below 123. With this update, ntpd no\n longer checks the source port number.\n\nEnhancements :\n\n - This update introduces configurable access of memory\n segments used for Shared Memory Driver (SHM) reference\n clocks. Previously, only the first two memory segments\n were created with owner-only access, allowing just two\n SHM reference clocks to be used securely on a system.\n Now, the owner-only access to SHM is configurable with\n the 'mode' option, and it is therefore possible to use\n more SHM reference clocks securely.\n\n - Support for nanosecond resolution has been added to the\n SHM reference clock. Prior to this update, when a\n Precision Time Protocol (PTP) hardware clock was used as\n a time source to synchronize the system clock (for\n example, with the timemaster service from the linuxptp\n package), the accuracy of the synchronization was\n limited due to the microsecond resolution of the SHM\n protocol. 
The nanosecond extension in the SHM protocol\n now enables sub-microsecond synchronization of the\n system clock.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=3154\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b44f175\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ntp-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-debuginfo-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-doc-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-perl-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntpdate-4.2.6p5-5.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": 
{"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:08", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - require credentials to match for NTLM re-use (CVE-2015-3143)\n\n - close Negotiate connections when done (CVE-2015-3148)\n\n - reject CRLFs in URLs passed to proxy (CVE-2014-8150)\n\n - use only full matches for hosts used as IP address in cookies (CVE-2014-3613)\n\n - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)\n\n - fix manpage typos found using aspell (#1011101)\n\n - fix comments about loading CA certs with NSS in man pages (#1011083)\n\n - fix handling of DNS cache timeout while a transfer is in progress (#835898)\n\n - eliminate unnecessary inotify events on upload via file protocol (#883002)\n\n - use correct socket type in the examples (#997185)\n\n - do not crash if MD5 fingerprint is not provided by libssh2 (#1008178)\n\n - fix SIGSEGV of curl --retry when network is down (#1009455)\n\n - allow to use TLS 1.1 and TLS 1.2 (#1012136)\n\n - docs: update the links to cipher-suites supported by NSS (#1104160)\n\n - allow to use ECC ciphers if NSS implements them (#1058767)\n\n - make curl --trace-time print correct time (#1120196)\n\n - let tool call PR_Cleanup on exit if NSPR is used (#1146528)\n\n - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747)\n\n - allow to enable/disable new AES cipher-suites (#1156422)\n\n - include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163)\n\n - disable libcurl-level downgrade to SSLv3 (#1154059)\n\n - do not force connection close after failed HEAD request (#1168137)\n\n - fix occasional SIGSEGV during SSL handshake (#1168668)\n\n - fix a connection failure when FTPS handle is reused (#1154663)\n\n - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)\n\n - fix connection re-use when using different log-in credentials (CVE-2014-0138)\n\n - fix authentication failure when 
server offers multiple auth options (#799557)\n\n - refresh expired cookie in test172 from upstream test-suite (#1069271)\n\n - fix a memory leak caused by write after close (#1078562)\n\n - nss: implement non-blocking SSL handshake (#1083742)", "cvss3": {}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : curl (OVMSA-2015-0107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:curl", "p-cpe:/a:oracle:vm:libcurl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0107.NASL", "href": "https://www.tenable.com/plugins/nessus/85148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0107.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85148);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_bugtraq_id(65270, 66457, 69748, 70988, 71964, 74299, 74301);\n\n script_name(english:\"OracleVM 3.3 : curl (OVMSA-2015-0107)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - require credentials to match for NTLM re-use\n (CVE-2015-3143)\n\n - close Negotiate connections when done (CVE-2015-3148)\n\n - reject CRLFs in URLs 
passed to proxy (CVE-2014-8150)\n\n - use only full matches for hosts used as IP address in\n cookies (CVE-2014-3613)\n\n - fix handling of CURLOPT_COPYPOSTFIELDS in\n curl_easy_duphandle (CVE-2014-3707)\n\n - fix manpage typos found using aspell (#1011101)\n\n - fix comments about loading CA certs with NSS in man\n pages (#1011083)\n\n - fix handling of DNS cache timeout while a transfer is in\n progress (#835898)\n\n - eliminate unnecessary inotify events on upload via file\n protocol (#883002)\n\n - use correct socket type in the examples (#997185)\n\n - do not crash if MD5 fingerprint is not provided by\n libssh2 (#1008178)\n\n - fix SIGSEGV of curl --retry when network is down\n (#1009455)\n\n - allow to use TLS 1.1 and TLS 1.2 (#1012136)\n\n - docs: update the links to cipher-suites supported by NSS\n (#1104160)\n\n - allow to use ECC ciphers if NSS implements them\n (#1058767)\n\n - make curl --trace-time print correct time (#1120196)\n\n - let tool call PR_Cleanup on exit if NSPR is used\n (#1146528)\n\n - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth\n (#1154747)\n\n - allow to enable/disable new AES cipher-suites (#1156422)\n\n - include response headers added by proxy in\n CURLINFO_HEADER_SIZE (#1161163)\n\n - disable libcurl-level downgrade to SSLv3 (#1154059)\n\n - do not force connection close after failed HEAD request\n (#1168137)\n\n - fix occasional SIGSEGV during SSL handshake (#1168668)\n\n - fix a connection failure when FTPS handle is reused\n (#1154663)\n\n - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)\n\n - fix connection re-use when using different log-in\n credentials (CVE-2014-0138)\n\n - fix authentication failure when server offers multiple\n auth options (#799557)\n\n - refresh expired cookie in test172 from upstream\n test-suite (#1069271)\n\n - fix a memory leak caused by write after close (#1078562)\n\n - nss: implement non-blocking SSL handshake (#1083742)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000355.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected curl / libcurl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"curl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"libcurl-7.19.7-46.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:24", "description": "This update fixes the following security issues :\n\n - URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off.\n (CVE-2014-8150)\n\n If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.\n\n - duphandle read out of bounds. 
(bnc#901924).\n (CVE-2014-3707)\n\n - libcurl cookie leaks (bnc#894575) Additional bug fixed:.\n (CVE-2014-3613)\n\n - curl_multi_remove_handle: don't crash on multiple removes (bnc#897816)", "cvss3": {}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : curl (SAT Patch Number 10166)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:curl", "p-cpe:/a:novell:suse_linux:11:libcurl4", "p-cpe:/a:novell:suse_linux:11:libcurl4-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CURL-201501-150113.NASL", "href": "https://www.tenable.com/plugins/nessus/81121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81121);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\");\n\n script_name(english:\"SuSE 11.3 Security Update : curl (SAT Patch Number 10166)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - URL request injection (bnc#911363) When libcurl sends a\n request to a server via a HTTP proxy, it copies the\n entire URL into the request and sends if off.\n (CVE-2014-8150)\n\n If the given URL contains line feeds and carriage\n returns those will be sent along to 
the proxy too, which\n allows the program to for example send a separate HTTP\n request injected embedded in the URL.\n\n - duphandle read out of bounds. (bnc#901924).\n (CVE-2014-3707)\n\n - libcurl cookie leaks (bnc#894575) Additional bug fixed:.\n (CVE-2014-3613)\n\n - curl_multi_remove_handle: don't crash on multiple\n removes (bnc#897816)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=884698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=885302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=894575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=897816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=901924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=911363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3707.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8150.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10166.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"curl-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"curl-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.40.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"curl-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libcurl4-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:01", "description": "Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nIt was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. 
(CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.\n(CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes.\n(BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed.\n(BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). 
With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server. (BZ#1171640)\n\nEnhancements :\n\n* This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the 'stepback' and 'stepfwd' options to configure each threshold.\n(BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock. 
(BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-12-02T00:00:00", "type": "nessus", "title": "CentOS 7 : ntp (CESA-2015:2231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "p-cpe:/a:centos:centos:ntp-doc", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:ntpdate", "p-cpe:/a:centos:centos:sntp", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2231.NASL", "href": "https://www.tenable.com/plugins/nessus/87143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2231 and \n# CentOS Errata and Security Advisory 2015:2231 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87143);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_xref(name:\"RHSA\", value:\"2015:2231\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"CentOS 7 : ntp (CESA-2015:2231)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix multiple security issues, several bugs,\nand add various enhancements are now available for Red Hat 
Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source. These packages include the\nntpd service which continuously adjusts system time and utilities used\nto query and configure the ntpd service.\n\nIt was found that because NTP's access control was based on a source\nIP address, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were\npeering with each other authenticated themselves before updating their\ninternal state variables. An attacker could send packets to one peer\nhost, which could cascade to other peers, and stop the synchronization\nprocess among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey\nprotocol was implemented. When an NTP client decrypted a secret\nreceived from an NTP server, it could cause that client to crash.\n(CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication\nCode (MAC) was present in a received packet when ntpd was configured\nto use symmetric cryptographic keys. 
A man-in-the-middle attacker\ncould use this flaw to send crafted packets that would be accepted by\na client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd service truncated symmetric keys specified in the key file\nto 20 bytes. As a consequence, it was impossible to configure NTP\nauthentication to work with peers that use longer keys. With this\nupdate, the maximum key length has been changed to 32 bytes.\n(BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed.\n(BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when\ngenerating RSA keys. Consequently, generating RSA keys failed when\nFIPS mode was enabled. With this update, ntp-keygen has been modified\nto use the exponent of 65537, and generating keys in FIPS mode now\nworks as expected. (BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port\nwas lower than 123 (the NTP port). With this update, ntpd no longer\nchecks the source port number, and clients behind NAT are now able to\ncorrectly synchronize with the server. (BZ#1171640)\n\nEnhancements :\n\n* This update adds support for configurable Differentiated Services\nCode Points (DSCP) in NTP packets, simplifying configuration in large\nnetworks where different NTP implementations or versions are using\ndifferent DSCP values. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). 
Use the\n'stepback' and 'stepfwd' options to configure each threshold.\n(BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source\nto synchronize the system clock, the accuracy of the synchronization\nwas limited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002507.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?445c7dd3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9751\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:06", "description": "It was found that because NTP's access control was based on a source IP address, an attacker 
could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.\n(CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nBug fixes :\n\n - The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes.\n\n - The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed.\n\n - Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. 
Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected.\n\n - The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server.\n\nEnhancements :\n\n - This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values.\n\n - This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the 'stepback' and 'stepfwd' options to configure each threshold.\n\n - Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock.\n Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. 
The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock.", "cvss3": {}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ntp", "p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ntp-doc", "p-cpe:/a:fermilab:scientific_linux:ntp-perl", "p-cpe:/a:fermilab:scientific_linux:ntpdate", "p-cpe:/a:fermilab:scientific_linux:sntp", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_NTP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87564);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that because NTP's access control was based on a source\nIP address, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 
addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were\npeering with each other authenticated themselves before updating their\ninternal state variables. An attacker could send packets to one peer\nhost, which could cascade to other peers, and stop the synchronization\nprocess among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey\nprotocol was implemented. When an NTP client decrypted a secret\nreceived from an NTP server, it could cause that client to crash.\n(CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication\nCode (MAC) was present in a received packet when ntpd was configured\nto use symmetric cryptographic keys. A man-in-the-middle attacker\ncould use this flaw to send crafted packets that would be accepted by\na client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nBug fixes :\n\n - The ntpd service truncated symmetric keys specified in\n the key file to 20 bytes. As a consequence, it was\n impossible to configure NTP authentication to work with\n peers that use longer keys. With this update, the\n maximum key length has been changed to 32 bytes.\n\n - The ntpd service could previously join multicast groups\n only when starting, which caused problems if ntpd was\n started during system boot before network was\n configured. With this update, ntpd attempts to join\n multicast groups every time network configuration is\n changed.\n\n - Previously, the ntp-keygen utility used the exponent of\n 3 when generating RSA keys. Consequently, generating RSA\n keys failed when FIPS mode was enabled. 
With this\n update, ntp-keygen has been modified to use the exponent\n of 65537, and generating keys in FIPS mode now works as\n expected.\n\n - The ntpd service dropped incoming NTP packets if their\n source port was lower than 123 (the NTP port). With this\n update, ntpd no longer checks the source port number,\n and clients behind NAT are now able to correctly\n synchronize with the server.\n\nEnhancements :\n\n - This update adds support for configurable Differentiated\n Services Code Points (DSCP) in NTP packets, simplifying\n configuration in large networks where different NTP\n implementations or versions are using different DSCP\n values.\n\n - This update adds the ability to configure separate clock\n stepping thresholds for each direction (backward and\n forward). Use the 'stepback' and 'stepfwd' options to\n configure each threshold.\n\n - Support for nanosecond resolution has been added to the\n Structural Health Monitoring (SHM) reference clock.\n Prior to this update, when a Precision Time Protocol\n (PTP) hardware clock was used as a time source to\n synchronize the system clock, the accuracy of the\n synchronization was limited due to the microsecond\n resolution of the SHM protocol. 
The nanosecond extension in the SHM protocol now enables sub-microsecond synchronization of the system clock. (BZ#1117704)", "cvss3": {}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : ntp (ELSA-2015-1459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ntp", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntpdate", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-1459.NASL", "href": "https://www.tenable.com/plugins/nessus/85111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1459 and \n# Oracle Linux Security Advisory ELSA-2015-1459 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85111);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_xref(name:\"RHSA\", value:\"2015:1459\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Oracle Linux 6 : ntp (ELSA-2015-1459)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1459 :\n\nUpdated ntp packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat 
Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source.\n\nIt was found that because NTP's access control was based on a source\nIP address, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were\npeering with each other authenticated themselves before updating their\ninternal state variables. An attacker could send packets to one peer\nhost, which could cascade to other peers, and stop the synchronization\nprocess among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey\nprotocol was implemented. When an NTP client decrypted a secret\nreceived from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication\nCode (MAC) was present in a received packet when ntpd was configured\nto use symmetric cryptographic keys. A man-in-the-middle attacker\ncould use this flaw to send crafted packets that would be accepted by\na client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd daemon truncated symmetric keys specified in the key file\nto 20 bytes. 
As a consequence, it was impossible to configure NTP\nauthentication to work with peers that use longer keys. The maximum\nlength of keys has now been changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA\nkeys, and generating RSA keys failed when FIPS mode was enabled.\nntp-keygen has been modified to use the exponent of 65537, and\ngenerating keys in FIPS mode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root\ndispersion. Consequently, the NTP server reported larger root\ndispersion than it should have and clients could reject the source\nwhen its distance reached the maximum synchronization distance (1.5\nseconds by default). Calculation of root dispersion has been fixed,\nthe root dispersion is now reported correctly, and clients no longer\nreject the server due to a large synchronization distance.\n(BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port\nwas lower than 123 (the NTP port). Clients behind Network Address\nTranslation (NAT) were unable to synchronize with the server if their\nsource port was translated to ports below 123. With this update, ntpd\nno longer checks the source port number. (BZ#1171630)\n\nEnhancements :\n\n* This update introduces configurable access of memory segments used\nfor Shared Memory Driver (SHM) reference clocks. Previously, only the\nfirst two memory segments were created with owner-only access,\nallowing just two SHM reference clocks to be used securely on a\nsystem. Now, the owner-only access to SHM is configurable with the\n'mode' option, and it is therefore possible to use more SHM reference\nclocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM\nreference clock. 
Prior to this update, when a Precision Time Protocol\n(PTP) hardware clock was used as a time source to synchronize the\nsystem clock (for example, with the timemaster service from the\nlinuxptp package), the accuracy of the synchronization was limited due\nto the microsecond resolution of the SHM protocol. The nanosecond\nextension in the SHM protocol now enables sub-microsecond\nsynchronization of the system clock. (BZ#1117704)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ntp-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-doc-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-perl-4.2.6p5-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntpdate-4.2.6p5-5.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:13", "description": "Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source.\n\nIt was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd daemon truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. 
The maximum length of keys has now been changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA keys, and generating RSA keys failed when FIPS mode was enabled.\nntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root dispersion. Consequently, the NTP server reported larger root dispersion than it should have and clients could reject the source when its distance reached the maximum synchronization distance (1.5 seconds by default). Calculation of root dispersion has been fixed, the root dispersion is now reported correctly, and clients no longer reject the server due to a large synchronization distance.\n(BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port was lower than 123 (the NTP port). Clients behind Network Address Translation (NAT) were unable to synchronize with the server if their source port was translated to ports below 123. With this update, ntpd no longer checks the source port number. (BZ#1171630)\n\nEnhancements :\n\n* This update introduces configurable access of memory segments used for Shared Memory Driver (SHM) reference clocks. Previously, only the first two memory segments were created with owner-only access, allowing just two SHM reference clocks to be used securely on a system. Now, the owner-only access to SHM is configurable with the 'mode' option, and it is therefore possible to use more SHM reference clocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock (for example, with the timemaster service from the linuxptp package), the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. 
The nanosecond extension in the SHM protocol now enables sub-microsecond synchronization of the system clock. (BZ#1117704)", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "CentOS 6 : ntp (CESA-2015:1459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "p-cpe:/a:centos:centos:ntp-doc", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:ntpdate", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-1459.NASL", "href": "https://www.tenable.com/plugins/nessus/85025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1459 and \n# CentOS Errata and Security Advisory 2015:1459 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85025);\n script_version(\"2.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_xref(name:\"RHSA\", value:\"2015:1459\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"CentOS 6 : ntp (CESA-2015:1459)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as 
having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source.\n\nIt was found that because NTP's access control was based on a source\nIP address, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were\npeering with each other authenticated themselves before updating their\ninternal state variables. An attacker could send packets to one peer\nhost, which could cascade to other peers, and stop the synchronization\nprocess among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey\nprotocol was implemented. When an NTP client decrypted a secret\nreceived from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication\nCode (MAC) was present in a received packet when ntpd was configured\nto use symmetric cryptographic keys. A man-in-the-middle attacker\ncould use this flaw to send crafted packets that would be accepted by\na client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd daemon truncated symmetric keys specified in the key file\nto 20 bytes. 
As a consequence, it was impossible to configure NTP\nauthentication to work with peers that use longer keys. The maximum\nlength of keys has now been changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA\nkeys, and generating RSA keys failed when FIPS mode was enabled.\nntp-keygen has been modified to use the exponent of 65537, and\ngenerating keys in FIPS mode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root\ndispersion. Consequently, the NTP server reported larger root\ndispersion than it should have and clients could reject the source\nwhen its distance reached the maximum synchronization distance (1.5\nseconds by default). Calculation of root dispersion has been fixed,\nthe root dispersion is now reported correctly, and clients no longer\nreject the server due to a large synchronization distance.\n(BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port\nwas lower than 123 (the NTP port). Clients behind Network Address\nTranslation (NAT) were unable to synchronize with the server if their\nsource port was translated to ports below 123. With this update, ntpd\nno longer checks the source port number. (BZ#1171630)\n\nEnhancements :\n\n* This update introduces configurable access of memory segments used\nfor Shared Memory Driver (SHM) reference clocks. Previously, only the\nfirst two memory segments were created with owner-only access,\nallowing just two SHM reference clocks to be used securely on a\nsystem. Now, the owner-only access to SHM is configurable with the\n'mode' option, and it is therefore possible to use more SHM reference\nclocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM\nreference clock. 
Prior to this update, when a Precision Time Protocol\n(PTP) hardware clock was used as a time source to synchronize the\nsystem clock (for example, with the timemaster service from the\nlinuxptp package), the accuracy of the synchronization was limited due\nto the microsecond resolution of the SHM protocol. The nanosecond\nextension in the SHM protocol now enables sub-microsecond\nsynchronization of the system clock. (BZ#1117704)\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-July/002074.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69a9fb5c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9751\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-4.2.6p5-5.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-doc-4.2.6p5-5.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-perl-4.2.6p5-5.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntpdate-4.2.6p5-5.el6.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:49", "description": "Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source.\n\nIt was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd daemon truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. 
The maximum length of keys has now been changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA keys, and generating RSA keys failed when FIPS mode was enabled.\nntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root dispersion. Consequently, the NTP server reported larger root dispersion than it should have and clients could reject the source when its distance reached the maximum synchronization distance (1.5 seconds by default). Calculation of root dispersion has been fixed, the root dispersion is now reported correctly, and clients no longer reject the server due to a large synchronization distance.\n(BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port was lower than 123 (the NTP port). Clients behind Network Address Translation (NAT) were unable to synchronize with the server if their source port was translated to ports below 123. With this update, ntpd no longer checks the source port number. (BZ#1171630)\n\nEnhancements :\n\n* This update introduces configurable access of memory segments used for Shared Memory Driver (SHM) reference clocks. Previously, only the first two memory segments were created with owner-only access, allowing just two SHM reference clocks to be used securely on a system. Now, the owner-only access to SHM is configurable with the 'mode' option, and it is therefore possible to use more SHM reference clocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock (for example, with the timemaster service from the linuxptp package), the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. 
The nanosecond extension in the SHM protocol now enables sub-microsecond synchronization of the system clock. (BZ#1117704)", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "RHEL 6 : ntp (RHSA-2015:1459)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298", "CVE-2014-9750", "CVE-2014-9751", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3405"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1459.NASL", "href": "https://www.tenable.com/plugins/nessus/84951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1459. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84951);\n script_version(\"2.25\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_xref(name:\"RHSA\", value:\"2015:1459\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"RHEL 6 : ntp (RHSA-2015:1459)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix multiple security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having 
Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with another referenced time source.\n\nIt was found that because NTP's access control was based on a source\nIP address, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were\npeering with each other authenticated themselves before updating their\ninternal state variables. An attacker could send packets to one peer\nhost, which could cascade to other peers, and stop the synchronization\nprocess among the reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5\nsymmetric keys on big-endian systems. An attacker could possibly use\nthis flaw to guess generated MD5 keys, which could then be used to\nspoof an NTP client or server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey\nprotocol was implemented. When an NTP client decrypted a secret\nreceived from an NTP server, it could cause that client to crash.\n(CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication\nCode (MAC) was present in a received packet when ntpd was configured\nto use symmetric cryptographic keys. A man-in-the-middle attacker\ncould use this flaw to send crafted packets that would be accepted by\na client or a peer without the attacker knowing the symmetric key.\n(CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes :\n\n* The ntpd daemon truncated symmetric keys specified in the key file\nto 20 bytes. 
As a consequence, it was impossible to configure NTP\nauthentication to work with peers that use longer keys. The maximum\nlength of keys has now been changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA\nkeys, and generating RSA keys failed when FIPS mode was enabled.\nntp-keygen has been modified to use the exponent of 65537, and\ngenerating keys in FIPS mode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root\ndispersion. Consequently, the NTP server reported larger root\ndispersion than it should have and clients could reject the source\nwhen its distance reached the maximum synchronization distance (1.5\nseconds by default). Calculation of root dispersion has been fixed,\nthe root dispersion is now reported correctly, and clients no longer\nreject the server due to a large synchronization distance.\n(BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port\nwas lower than 123 (the NTP port). Clients behind Network Address\nTranslation (NAT) were unable to synchronize with the server if their\nsource port was translated to ports below 123. With this update, ntpd\nno longer checks the source port number. (BZ#1171630)\n\nEnhancements :\n\n* This update introduces configurable access of memory segments used\nfor Shared Memory Driver (SHM) reference clocks. Previously, only the\nfirst two memory segments were created with owner-only access,\nallowing just two SHM reference clocks to be used securely on a\nsystem. Now, the owner-only access to SHM is configurable with the\n'mode' option, and it is therefore possible to use more SHM reference\nclocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM\nreference clock. 
Prior to this update, when a Precision Time Protocol\n(PTP) hardware clock was used as a time source to synchronize the\nsystem clock (for example, with the timemaster service from the\nlinuxptp package), the accuracy of the synchronization was limited due\nto the microsecond resolution of the SHM protocol. The nanosecond\nextension in the SHM protocol now enables sub-microsecond\nsynchronization of the system clock. (BZ#1117704)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1459\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-5.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-debuginfo-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ntp-doc-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-perl-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-perl-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntpdate-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:46:50", "description": "Updated ntp packages fix security vulnerabilities :\n\nStephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (CVE-2014-9297).\n\nStephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).", "cvss3": {}, "published": 
"2015-02-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : ntp (MDVSA-2015:046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ntp", "p-cpe:/a:mandriva:linux:ntp-client", "p-cpe:/a:mandriva:linux:ntp-doc", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-046.NASL", "href": "https://www.tenable.com/plugins/nessus/81335", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81335);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_xref(name:\"MDVSA\", value:\"2015:046\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ntp (MDVSA-2015:046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages fix security vulnerabilities :\n\nStephen Roettger of the Google Security Team, Sebastian Krahmer of the\nSUSE Security Team and Harlan Stenn of Network Time Foundation\ndiscovered that the length value in extension fields is not properly\nvalidated in several code paths in ntp_crypto.c, which could lead to\ninformation leakage or denial of service (CVE-2014-9297).\n\nStephen Roettger of the Google Security Team reported that ACLs based\non IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0063.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp, ntp-client and / or ntp-doc packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-8.2.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ntp-client-4.2.6p5-8.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-8.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-10-16T01:41:26", "description": "It was reported that ntp misses validation of vallen value, leading to various information leaks. See for more details. (CVE-2014-9297)\n\nIt was reported that ntp allows bypassing source IP ACLs on some OSes when ::1 spoofed. (CVE-2014-9298)", "cvss3": {}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ntp (ALAS-2015-496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntpdate", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-496.NASL", "href": "https://www.tenable.com/plugins/nessus/82045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-496.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82045);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_xref(name:\"ALAS\", value:\"2015-496\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2015-496)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"It was reported that ntp misses validation of vallen value, leading to\nvarious information leaks. See for more details. (CVE-2014-9297)\n\nIt was reported that ntp allows bypassing source IP ACLs on some OSes\nwhen ::1 spoofed. (CVE-2014-9298)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.ntp.org/show_bug.cgi?id=2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.ntp.org/show_bug.cgi?id=2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-496.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-27.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-27.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-27.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-27.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-27.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:28", "description": "Security fix for CVE-2014-9297, CVE-2014-9298\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-02-16T00:00:00", "type": "nessus", "title": "Fedora 21 : ntp-4.2.6p5-27.fc21 (2015-1736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-1736.NASL", "href": "https://www.tenable.com/plugins/nessus/81359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1736.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81359);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_xref(name:\"FEDORA\", value:\"2015-1736\");\n\n script_name(english:\"Fedora 21 : ntp-4.2.6p5-27.fc21 (2015-1736)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9297, CVE-2014-9298\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184573\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149931.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14cd60ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"ntp-4.2.6p5-27.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:12", "description": "Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems :\n\nCVE-2014-9297\n\nStephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (ntpd crash).\n\nCVE-2014-9298\n\nStephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-149-1 : ntp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ntp", "p-cpe:/a:debian:debian_linux:ntp-doc", "p-cpe:/a:debian:debian_linux:ntpdate", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-149.NASL", "href": "https://www.tenable.com/plugins/nessus/82132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-149-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82132);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_bugtraq_id(72583, 72584);\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"Debian DLA-149-1 : ntp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the ntp package, an\nimplementation of the Network Time Protocol. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\nCVE-2014-9297\n\nStephen Roettger of the Google Security Team, Sebastian Krahmer of the\nSUSE Security Team and Harlan Stenn of Network Time Foundation\ndiscovered that the length value in extension fields is not properly\nvalidated in several code paths in ntp_crypto.c, which could lead to\ninformation leakage or denial of service (ntpd crash).\n\nCVE-2014-9298\n\nStephen Roettger of the Google Security Team reported that ACLs based\non IPv6 ::1 addresses can be bypassed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/02/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/ntp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected ntp, ntp-doc, and ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntpdate\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"ntp\", reference:\"1:4.2.6.p2+dfsg-1+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p2+dfsg-1+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p2+dfsg-1+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:47", "description": "Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service.\n(CVE-2014-9297)\n\nStephen Roettger discovered that NTP incorrectly handled ACLs based on certain IPv6 addresses. 
(CVE-2014-9298).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-02-10T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ntp", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2497-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2497-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81256);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n script_xref(name:\"USN\", value:\"2497-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2497-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that\nNTP incorrectly handled the length value in extension fields. A remote\nattacker could use this issue to possibly obtain leaked information,\nor cause the NTP daemon to crash, resulting in a denial of service.\n(CVE-2014-9297)\n\nStephen Roettger discovered that NTP incorrectly handled ACLs based on\ncertain IPv6 addresses. (CVE-2014-9298).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2497-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2015-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"ntp\", pkgver:\"1:4.2.4p8+dfsg-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"ntp\", pkgver:\"1:4.2.6.p3+dfsg-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ntp\", pkgver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"ntp\", pkgver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:07", "description": "Security fix for CVE-2014-9297, CVE-2014-9298\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-02-16T00:00:00", "type": "nessus", "title": "Fedora 20 : ntp-4.2.6p5-20.fc20 (2015-1759)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2014-9298"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-1759.NASL", "href": "https://www.tenable.com/plugins/nessus/81361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1759.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81361);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\");\n script_xref(name:\"FEDORA\", value:\"2015-1759\");\n\n script_name(english:\"Fedora 20 : ntp-4.2.6p5-20.fc20 (2015-1759)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9297, CVE-2014-9298\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1184573\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149862.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae3f2517\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"ntp-4.2.6p5-20.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:58", "description": "This update fixes the following security issues\n\n - CVE-2014-8150: URL request injection vulnerability (bnc#911363)\n\n - CVE-2014-3707: duphandle read out of bounds (bnc#901924)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0083-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3707", "CVE-2014-8150"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-0083-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0083-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83668);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-8150\");\n script_bugtraq_id(70988, 71964);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0083-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues\n\n - CVE-2014-8150: URL request injection vulnerability\n (bnc#911363)\n\n - CVE-2014-3707: duphandle read out of bounds (bnc#901924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3707/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8150/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150083-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed5dc8cb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-29\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-29\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-29\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debuginfo-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debugsource-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-32bit-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-32bit-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"curl-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 0.0, 
"vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:13", "description": "was updated to version 7.40.0 to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allowed remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL (bnc#911363).\n\n - CVE-2014-3707: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, did not properly copy HTTP POST data for an easy handle, which triggered an out-of-bounds read that allowed remote web servers to read sensitive memory information (bnc#901924).\n\nThese non-security issues were fixed :\n\n- http_digest: Added support for Windows SSPI based authentication\n\n - version info: Added Kerberos V5 to the supported features\n\n - Makefile: Added VC targets for WinIDN\n\n - SSL: Add PEM format support for public key pinning\n\n - smtp: Added support for the conversion of Unix newlines during mail send\n\n - smb: Added initial support for the SMB/CIFS protocol\n\n - Added support for HTTP over unix domain sockets,\n\n - via CURLOPT_UNIX_SOCKET_PATH and --unix-socket\n\n - sasl: Added support for GSS-API based Kerberos V5 authentication", "cvss3": {}, "published": "2015-02-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2015-125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3707", "CVE-2014-8150"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:13.1", 
"cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-125.NASL", "href": "https://www.tenable.com/plugins/nessus/81287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-125.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81287);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-8150\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2015-125)\");\n script_summary(english:\"Check for the openSUSE-2015-125 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"was updated to version 7.40.0 to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-8150: CRLF injection vulnerability in libcurl\n 6.0 through 7.x before 7.40.0, when using an HTTP proxy,\n allowed remote attackers to inject arbitrary HTTP\n headers and conduct HTTP response splitting attacks via\n CRLF sequences in a URL (bnc#911363).\n\n - CVE-2014-3707: The curl_easy_duphandle function in\n libcurl 7.17.1 through 7.38.0, when running with the\n CURLOPT_COPYPOSTFIELDS option, did not properly copy\n HTTP POST data for an easy handle, which triggered an\n out-of-bounds read that allowed remote web servers to\n read sensitive memory information (bnc#901924).\n\nThese non-security issues were fixed :\n\n- http_digest: Added support for Windows SSPI based authentication\n\n - version info: Added Kerberos V5 to the supported\n features\n\n - Makefile: Added VC targets for WinIDN\n\n - SSL: Add PEM format support for public key pinning\n\n - smtp: 
Added support for the conversion of Unix newlines\n during mail send\n\n - smb: Added initial support for the SMB/CIFS protocol\n\n - Added support for HTTP over unix domain sockets,\n\n - via CURLOPT_UNIX_SOCKET_PATH and --unix-socket\n\n - sasl: Added support for GSS-API based Kerberos V5\n authentication\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911363\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"curl-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"curl-debuginfo-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"curl-debugsource-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcurl-devel-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcurl4-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcurl4-debuginfo-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.40.0-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"curl-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"curl-debuginfo-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"curl-debugsource-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcurl-devel-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcurl4-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcurl4-debuginfo-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.40.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.40.0-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:49", "description": "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. (CVE-2014-3707)\n\nCRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. 
(CVE-2014-8150)", "cvss3": {}, "published": "2015-02-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2015-477)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3707", "CVE-2014-8150"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-477.NASL", "href": "https://www.tenable.com/plugins/nessus/81323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-477.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81323);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-8150\");\n script_xref(name:\"ALAS\", value:\"2015-477\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2015-477)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0,\nwhen running with the CURLOPT_COPYPOSTFIELDS option, does not properly\ncopy HTTP POST data for an easy handle, which triggers an\nout-of-bounds read that allows remote web servers to read sensitive\nmemory information. (CVE-2014-3707)\n\nCRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0,\nwhen using an HTTP proxy, allows remote attackers to inject arbitrary\nHTTP headers and conduct HTTP response splitting attacks via CRLF\nsequences in a URL. 
(CVE-2014-8150)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-477.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + 
os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.40.0-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.40.0-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.40.0-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.40.0-1.49.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:38", "description": "https://vulners.com/cve/CVE-2014-9297 Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. 
By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization.", "cvss3": {}, "published": "2015-07-02T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 6 : ntp4 (IV71094)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2015-1799"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV71094.NASL", "href": "https://www.tenable.com/plugins/nessus/84492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp4_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84492);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2015-1799\");\n\n script_name(english:\"AIX 6.1 TL 6 : ntp4 (IV71094)\");\n script_summary(english:\"Check for APAR IV71094\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297 Network\nTime Protocol (NTP) Project NTP daemon (ntpd) could allow a remote\nattacker to conduct spoofing attacks, caused by insufficient entropy\nin PRNG. An attacker could exploit this vulnerability to spoof the\nIPv6 address ::1 to bypass ACLs and launch further attacks on the\nsystem. Network Time Protocol (NTP) Project NTP daemon (ntpd) is\nvulnerable to a denial of service, caused by an error when using\nsymmetric key authentication. 
By sending specially-crafted packets to\nboth peering hosts, an attacker could exploit this vulnerability to\nprevent synchronization.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"06\", patch:\"IV71094s0a\", package:\"ntp.rte\", minfilesetver:\"6.1.0.0\", maxfilesetver:\"6.1.6.4\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:42", "description": "https://vulners.com/cve/CVE-2014-9297 Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. 
By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization.", "cvss3": {}, "published": "2015-07-02T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 0 : ntp4 (IV71096)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9297", "CVE-2015-1799"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV71096.NASL", "href": "https://www.tenable.com/plugins/nessus/84493", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp4_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84493);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2014-9297\", \"CVE-2015-1799\");\n\n script_name(english:\"AIX 7.1 TL 0 : ntp4 (IV71096)\");\n script_summary(english:\"Check for APAR IV71096\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297 Network\nTime Protocol (NTP) Project NTP daemon (ntpd) could allow a remote\nattacker to conduct spoofing attacks, caused by insufficient entropy\nin PRNG. An attacker could exploit this vulnerability to spoof the\nIPv6 address ::1 to bypass ACLs and launch further attacks on the\nsystem. Network Time Protocol (NTP) Project NTP daemon (ntpd) is\nvulnerable to a denial of service, caused by an error when using\nsymmetric key authentication. 
By sending specially-crafted packets to\nboth peering hosts, an attacker could exploit this vulnerability to\nprevent synchronization.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"00\", patch:\"IV71096s0a\", package:\"ntp.rte\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.0.4\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:54", "description": "It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5621).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : net-snmp vulnerabilities (USN-2711-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsnmp15", "p-cpe:/a:canonical:ubuntu_linux:libsnmp30", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2711-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2711-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85506);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3565\", \"CVE-2015-5621\");\n script_xref(name:\"USN\", value:\"2711-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : net-snmp vulnerabilities (USN-2711-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Net-SNMP incorrectly handled certain trap\nmessages when the -OQ option was used. A remote attacker could use\nthis issue to cause Net-SNMP to crash, resulting in a denial of\nservice. 
(CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU\nparsing failures. A remote attacker could use this issue to cause\nNet-SNMP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-5621).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2711-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsnmp15 and / or libsnmp30 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsnmp15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsnmp30\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libsnmp15\", pkgver:\"5.4.3~dfsg-2.4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libsnmp30\", pkgver:\"5.7.2~dfsg-8.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libsnmp30\", pkgver:\"5.7.2~dfsg-8.1ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsnmp15 / libsnmp30\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:30", "description": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a 
nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.\n(CVE-2015-1798)\n\nThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.\n(CVE-2015-1799)\n\nThis update also addresses leap-second handling. With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied. See this forum post for more information on the Amazon Linux AMI's leap-second handling.", "cvss3": {}, "published": "2015-05-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ntp (ALAS-2015-520)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1798", "CVE-2015-1799"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntpdate", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-520.NASL", "href": "https://www.tenable.com/plugins/nessus/83271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-520.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83271);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-1798\", 
\"CVE-2015-1799\");\n script_xref(name:\"ALAS\", value:\"2015-520\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2015-520)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The symmetric-key feature in the receive function in ntp_proto.c in\nntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC\nfield has a nonzero length, which makes it easier for\nman-in-the-middle attackers to spoof packets by omitting the MAC.\n(CVE-2015-1798)\n\nThe symmetric-key feature in the receive function in ntp_proto.c in\nntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates\nupon receiving certain invalid packets, which makes it easier for\nman-in-the-middle attackers to cause a denial of service\n(synchronization loss) by spoofing the source IP address of a peer.\n(CVE-2015-1799)\n\nThis update also addresses leap-second handling. With older ntp\nversions, the -x option was sometimes used as a workaround to avoid\nkernel inserting/deleting leap seconds by stepping the clock and\npossibly upsetting running applications. That no longer works with\n4.2.6 as ntpd steps the clock itself when a leap second occurs. The\nfix is to treat the one second offset gained during leap second as a\nnormal offset and check the stepping threshold (set by -x or tinker\nstep) to decide if a step should be applied. 
See this forum post for\nmore information on the Amazon Linux AMI's leap-second handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://forums.aws.amazon.com/ann.jspa?annID=3064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-520.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = 
get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-30.24.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:01", "description": "According to its self-reported version, the IOS is affected by one or more vulnerabilities. 
Please see the included Cisco BIDs and the Cisco Security Advisory for more information.", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "Cisco IOS Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1798", "CVE-2015-1799"], "modified": "2020-12-01T00:00:00", "cpe": ["cpe:/o:cisco:ios"], "id": "CISCO-SA-20150408-NTPD-IOS.NASL", "href": "https://www.tenable.com/plugins/nessus/108954", "sourceData": "#TRUSTED\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108954);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut77619\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150408-ntpd\");\n\n script_name(english:\"Cisco IOS Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)\");\n script_summary(english:\"Checks the IOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IOS is affected\nby one or more vulnerabilities. 
Please see the included Cisco BIDs\nand the Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7aaf9b51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut77619\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)\nCSCut77619.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1798\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_workarounds.inc\");\ninclude(\"ccf.inc\");\n\nproduct_info = cisco::get_product_info(name:\"Cisco IOS\");\n\nversion_list = make_list(\n 
\"12.2(2)XB8\",\n \"12.2(2)XG\",\n \"12.2(4)XL\",\n \"12.2(4)XL5\",\n \"12.2(4)XL2\",\n \"12.2(4)XL6\",\n \"12.2(4)XL4\",\n \"12.2(4)XL1\",\n \"12.2(4)XL3\",\n \"12.2(4)XM\",\n \"12.2(4)XM3\",\n \"12.2(4)XM2\",\n \"12.2(4)XM4\",\n \"12.2(4)XM1\",\n \"12.2(10a)\",\n \"12.2(1)\",\n \"12.2(21b)\",\n \"12.2(10)\",\n \"12.2(1a)\",\n \"12.2(1b)\",\n \"12.2(1c)\",\n \"12.2(1d)\",\n \"12.2(10b)\",\n \"12.2(10d)\",\n \"12.2(10g)\",\n \"12.2(3a)\",\n \"12.2(3b)\",\n \"12.2(3c)\",\n \"12.2(3d)\",\n \"12.2(3g)\",\n \"12.2(3)\",\n \"12.2(5)\",\n \"12.2(5a)\",\n \"12.2(5b)\",\n \"12.2(5c)\",\n \"12.2(5d)\",\n \"12.2(6g)\",\n \"12.2(6h)\",\n \"12.2(6i)\",\n \"12.2(6j)\",\n \"12.2(6)\",\n \"12.2(6a)\",\n \"12.2(6b)\",\n \"12.2(6c)\",\n \"12.2(6d)\",\n \"12.2(6e)\",\n \"12.2(6f)\",\n \"12.2(7a)\",\n \"12.2(7b)\",\n \"12.2(7c)\",\n \"12.2(7e)\",\n \"12.2(7g)\",\n \"12.2(7)\",\n \"12.2(37)\",\n \"12.2(19b)\",\n \"12.2(24b)\",\n \"12.2(12e)\",\n \"12.2(28)\",\n \"12.2(34)\",\n \"12.2(34a)\",\n \"12.2(46a)\",\n \"12.2(12b)\",\n \"12.2(26b)\",\n \"12.2(28a)\",\n \"12.2(12i)\",\n \"12.2(19)\",\n \"12.2(24)\",\n \"12.2(12g)\",\n \"12.2(13c)\",\n \"12.2(12f)\",\n \"12.2(12c)\",\n \"12.2(32)\",\n \"12.2(31)\",\n \"12.2(26a)\",\n \"12.2(27)\",\n \"12.2(17e)\",\n \"12.2(28d)\",\n \"12.2(17a)\",\n \"12.2(12k)\",\n \"12.2(13e)\",\n \"12.2(12a)\",\n \"12.2(19c)\",\n \"12.2(27b)\",\n \"12.2(17b)\",\n \"12.2(23)\",\n \"12.2(27a)\",\n \"12.2(16)\",\n \"12.2(12m)\",\n \"12.2(40)\",\n \"12.2(28c)\",\n \"12.2(24a)\",\n \"12.2(21a)\",\n \"12.2(13b)\",\n \"12.2(23a)\",\n \"12.2(17d)\",\n \"12.2(26)\",\n \"12.2(43)\",\n \"12.2(23c)\",\n \"12.2(16b)\",\n \"12.2(13)\",\n \"12.2(19a)\",\n \"12.2(17f)\",\n \"12.2(28b)\",\n \"12.2(23d)\",\n \"12.2(12)\",\n \"12.2(12j)\",\n \"12.2(23f)\",\n \"12.2(17)\",\n \"12.2(16c)\",\n \"12.2(16a)\",\n \"12.2(27c)\",\n \"12.2(35)\",\n \"12.2(12l)\",\n \"12.2(12h)\",\n \"12.2(16f)\",\n \"12.2(29a)\",\n \"12.2(29b)\",\n \"12.2(13a)\",\n \"12.2(40a)\",\n \"12.2(26c)\",\n 
\"12.2(23e)\",\n \"12.2(21)\",\n \"12.2(46)\",\n \"12.2(29)\",\n \"12.2(2)XN\",\n \"12.2(33)XN1\",\n \"12.2(2)XR\",\n \"12.2(4)XR\",\n \"12.2(15)XR\",\n \"12.2(15)XR1\",\n \"12.2(15)XR2\",\n \"12.2(1)XS\",\n \"12.2(1)XS2\",\n \"12.2(1)XS1\",\n \"12.2(1)XS1a\",\n \"12.2(2)XT\",\n \"12.2(2)XT2\",\n \"12.2(2)XT3\",\n \"12.2(4)XW\",\n \"12.2(4)YA\",\n \"12.2(4)YA6\",\n \"12.2(4)YA3\",\n \"12.2(4)YA4\",\n \"12.2(4)YA1\",\n \"12.2(4)YA11\",\n \"12.2(4)YA2\",\n \"12.2(4)YA9\",\n \"12.2(4)YA8\",\n \"12.2(4)YA5\",\n \"12.2(4)YA13\",\n \"12.2(4)YA12\",\n \"12.2(4)YA10\",\n \"12.2(4)YA7\",\n \"12.2(4)YB\",\n \"12.2(2)YC\",\n \"12.2(2)YC4\",\n \"12.2(2)YC1\",\n \"12.2(2)YC3\",\n \"12.2(2)YC2\",\n \"12.2(8)YD\",\n \"12.2(8)YD3\",\n \"12.2(8)YD2\",\n \"12.2(8)YD1\",\n \"12.2(4)YF\",\n \"12.2(4)YG\",\n \"12.2(4)YH\",\n \"12.1(5)YF2\",\n \"12.1(5)YF1\",\n \"12.1(5)YF4\",\n \"12.1(5)YF3\",\n \"12.1(5)YF\",\n \"12.0(19)\",\n \"12.0(2a)\",\n \"12.0(6)\",\n \"12.0(13)\",\n \"12.0(1)\",\n \"12.0(9)\",\n \"12.0(16)\",\n \"12.0(2)\",\n \"12.0(28c)\",\n \"12.0(18a)\",\n \"12.0(17)\",\n \"12.0(19a)\",\n \"12.0(8a)\",\n \"12.0(16a)\",\n \"12.0(18)\",\n \"12.0(6b)\",\n \"12.0(13a)\",\n \"12.0(20)\",\n \"12.0(28b)\",\n \"12.0(7)\",\n \"12.0(25)\",\n \"12.0(15b)\",\n \"12.0(28d)\",\n \"12.0(26)\",\n \"12.0(3)\",\n \"12.0(15)\",\n \"12.0(11a)\",\n \"12.0(4)\",\n \"12.0(15a)\",\n \"12.0(4b)\",\n \"12.0(8)\",\n \"12.0(21a)\",\n \"12.0(22)\",\n \"12.0(19b)\",\n \"12.0(18b)\",\n \"12.0(17a)\",\n \"12.0(1a)\",\n \"12.0(4a)\",\n \"12.0(10)\",\n \"12.0(24)\",\n \"12.0(12)\",\n \"12.0(11)\",\n \"12.0(23)\",\n \"12.0(14)\",\n \"12.0(5a)\",\n \"12.0(20a)\",\n \"12.0(14a)\",\n \"12.0(2b)\",\n \"12.0(12a)\",\n \"12.0(6a)\",\n \"12.0(7a)\",\n \"12.0(3d)\",\n \"12.0(28a)\",\n \"12.0(9a)\",\n \"12.0(3b)\",\n \"12.0(28)\",\n \"12.0(10a)\",\n \"12.0(21)\",\n \"12.0(5)\",\n \"12.0(27)\",\n \"12.0(3c)\",\n \"12.1(1)XB\",\n \"12.1(3)XK\",\n \"12.0(5)XE5\",\n \"12.0(3)XE1\",\n \"12.0(5)XE\",\n \"12.0(2)XE4\",\n 
\"12.0(5)XE8\",\n \"12.0(2)XE3\",\n \"12.0(5)XE7\",\n \"12.0(4)XE2\",\n \"12.0(3)XE\",\n \"12.0(2)XE1\",\n \"12.0(3)XE2\",\n \"12.0(5)XE4\",\n \"12.0(4)XE1\",\n \"12.0(5)XE2\",\n \"12.0(5)XE1\",\n \"12.0(7)XE2\",\n \"12.0(4)XE\",\n \"12.0(5)XE6\",\n \"12.0(2)XE\",\n \"12.0(7)XE1\",\n \"12.0(2)XE2\",\n \"12.0(1)XE\",\n \"12.0(5)XE3\",\n \"12.0(10)SC\",\n \"12.0(11)SC\",\n \"12.0(12)SC\",\n \"12.0(13)SC\",\n \"12.0(14)SC\",\n \"12.0(15)SC\",\n \"12.0(16)SC\",\n \"12.0(6)SC\",\n \"12.0(7)SC\",\n \"12.0(8)SC\",\n \"12.0(9)SC\",\n \"12.0(16)SC3\",\n \"12.0(16)SC1\",\n \"12.0(8)SC1\",\n \"12.0(16)SC2\",\n \"12.0(10)SC1\",\n \"12.0(15)SC1\",\n \"12.1(4)CX\",\n \"12.1(7)CX\",\n \"12.1(7)CX1\",\n \"12.1(10)EC\",\n \"12.1(12c)EC\",\n \"12.1(13)EC\",\n \"12.1(19)EC\",\n \"12.1(20)EC\",\n \"12.1(22)EC\",\n \"12.1(3a)EC\",\n \"12.1(4)EC\",\n \"12.1(5)EC\",\n \"12.1(6)EC\",\n \"12.1(7)EC\",\n \"12.1(8)EC\",\n \"12.1(11b)EC\",\n \"12.1(2)EC\",\n \"12.1(13)EC1\",\n \"12.1(11b)EC1\",\n \"12.1(9)EC1\",\n \"12.1(20)EC2\",\n \"12.1(20)EC3\",\n \"12.1(8)EC1\",\n \"12.1(3a)EC1\",\n \"12.1(5)EC1\",\n \"12.1(19)EC1\",\n \"12.1(22)EC1\",\n \"12.1(20)EC1\",\n \"12.1(13)EC2\",\n \"12.1(2)EC1\",\n \"12.1(12c)EC1\",\n \"12.1(13)EC3\",\n \"12.1(6)EC1\",\n \"12.1(13)EC4\",\n \"12.1(10)EC1\",\n \"12.2(15)BC2a\",\n \"12.2(15)BC1a\",\n \"12.2(4)BC1a\",\n \"12.2(15)BC1b\",\n \"12.2(11)BC1\",\n \"12.2(15)BC2d\",\n \"12.2(11)BC3a\",\n \"12.2(15)BC2g\",\n \"12.2(11)BC3c\",\n \"12.2(15)BC1g\",\n \"12.2(8)BC2\",\n \"12.2(11)BC1b\",\n \"12.2(8)BC1\",\n \"12.2(15)BC2i\",\n \"12.2(15)BC1c\",\n \"12.2(15)BC2c\",\n \"12.2(15)BC2f\",\n \"12.2(15)BC1d\",\n \"12.2(15)BC1\",\n \"12.2(4)BC1\",\n \"12.2(8)BC2a\",\n \"12.2(11)BC2\",\n \"12.2(11)BC3b\",\n \"12.2(11)BC3d\",\n \"12.2(15)BC2\",\n \"12.2(11)BC3\",\n \"12.2(11)BC2a\",\n \"12.2(15)BC2e\",\n \"12.2(4)BC1b\",\n \"12.2(11)BC1a\",\n \"12.2(15)BC1e\",\n \"12.2(15)BC2h\",\n \"12.2(15)BC1f\",\n \"12.2(15)BC2b\",\n \"12.2(2)XF\",\n \"12.2(4)XF\",\n 
\"12.2(2)XF2\",\n \"12.2(1)XF1\",\n \"12.2(2)XF1\",\n \"12.2(4)XF1\",\n \"12.2(1)XF\",\n \"12.0(3)XG\",\n \"12.0(4)XI\",\n \"12.0(4)XI2\",\n \"12.0(4)XI1\",\n \"12.0(7)XK2\",\n \"12.0(5)XK1\",\n \"12.0(7)XK1\",\n \"12.0(5)XK2\",\n \"12.0(7)XK3\",\n \"12.0(5)XK\",\n \"12.0(7)XK\",\n \"12.0(4)XM1\",\n \"12.0(4)XM\",\n \"12.0(5)XQ\",\n \"12.0(5)XQ1\",\n \"12.0(7)XR3\",\n \"12.0(6)XR\",\n \"12.0(7)XR\",\n \"12.0(7)XR2\",\n \"12.0(7)XR4\",\n \"12.0(7)XR1\",\n \"12.0(7)XV\",\n \"12.1(5a)E\",\n \"12.1(13)E14\",\n \"12.1(8b)E18\",\n \"12.1(8b)E14\",\n \"12.1(8b)E15\",\n \"12.1(22)E2\",\n \"12.1(8b)E12\",\n \"12.1(26)E\",\n \"12.1(23)E\",\n \"12.1(8b)E11\",\n \"12.1(12c)E1\",\n \"12.1(13)E\",\n \"12.1(13)E9\",\n \"12.1(13)E7\",\n \"12.1(13)E13\",\n \"12.1(13)E11\",\n \"12.1(20)E3\",\n \"12.1(20)E\",\n \"12.1(1)E\",\n \"12.1(10)E\",\n \"12.1(11b)E\",\n \"12.1(12c)E\",\n \"12.1(14)E\",\n \"12.1(19)E\",\n \"12.1(2)E\",\n \"12.1(22)E\",\n \"12.1(3a)E\",\n \"12.1(4)E\",\n \"12.1(6)E\",\n \"12.1(7)E\",\n \"12.1(8a)E\",\n \"12.1(9)E\",\n \"12.1(27b)E\",\n \"12.1(26)E7\",\n \"12.1(27b)E1\",\n \"12.1(5a)E6\",\n \"12.1(10)E5\",\n \"12.1(23)E4\",\n \"12.1(26)E8\",\n \"12.1(19)E6\",\n \"12.1(8a)E3\",\n \"12.1(14)E4\",\n \"12.1(5b)E7\",\n \"12.1(9)E2\",\n \"12.1(11b)E12\",\n \"12.1(4)E2\",\n \"12.1(3a)E7\",\n \"12.1(6)E5\",\n \"12.1(10)E6\",\n \"12.1(14)E3\",\n \"12.1(11b)E4\",\n \"12.1(13)E4\",\n \"12.1(7)E0a\",\n \"12.1(5a)E1\",\n \"12.1(26)E3\",\n \"12.1(20)E5\",\n \"12.1(5c)E9\",\n \"12.1(13)E16\",\n \"12.1(6)E7\",\n \"12.1(8b)E20\",\n \"12.1(22)E5\",\n \"12.1(20)E4\",\n \"12.1(27b)E3\",\n \"12.1(7a)E5\",\n \"12.1(8b)E6\",\n \"12.1(22)E6\",\n \"12.1(6)E6\",\n \"12.1(9)E3\",\n \"12.1(14)E6\",\n \"12.1(6)E3\",\n \"12.1(10)E7\",\n \"12.1(3a)E4\",\n \"12.1(8b)E7\",\n \"12.1(6)E13\",\n \"12.1(8b)E8\",\n \"12.1(3a)E1\",\n \"12.1(7a)E1a\",\n \"12.1(13)E3\",\n \"12.1(6)E8\",\n \"12.1(19)E3\",\n \"12.1(13)E15\",\n \"12.1(13)E6\",\n \"12.1(26)E5\",\n \"12.1(4)E3\",\n \"12.1(1)E6\",\n 
\"12.1(8b)E10\",\n \"12.1(2)E2\",\n \"12.1(12c)E4\",\n \"12.1(20)E2\",\n \"12.1(11b)E5\",\n \"12.1(5a)E2\",\n \"12.1(6)E2\",\n \"12.1(22)E3\",\n \"12.1(1)E1\",\n \"12.1(7a)E3\",\n \"12.1(27b)E4\",\n \"12.1(20)E1\",\n \"12.1(22)E4\",\n \"12.1(7a)E4\",\n \"12.1(8b)E9\",\n \"12.1(1)E5\",\n \"12.1(5c)E12\",\n \"12.1(26)E2\",\n \"12.1(22)E1\",\n \"12.1(5c)E8\",\n \"12.1(13)E17\",\n \"12.1(10)E1\",\n \"12.1(7a)E6\",\n \"12.1(1)E4\",\n \"12.1(10)E6a\",\n \"12.1(23)E2\",\n \"12.1(13)E1\",\n \"12.1(4)E1\",\n \"12.1(3a)E6\",\n \"12.1(12c)E6\",\n \"12.1(26)E4\",\n \"12.1(19)E2\",\n \"12.