Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC07B22EADF090CC9AAC7EB1364B467F03118CFA06DA1B103743ADFC12C0BE972
HistoryOct 18, 2019 - 3:10 a.m.

Security Bulletin: Multiple Security Vulnerabilities affecting IBM Netezza Host Management

2019-10-1803:10:29
www.ibm.com
17

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Netezza Host Management is affected by multiple Open Source security vulnerabilities in: GNU glibc, NTP address spoofing and NTP, NTPd and ntp_crypto.c disclosure.

Vulnerability Details

CVE-ID: CVE-2014-9297 Description: Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system.
CVSS Base Score: 5.000
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/100004&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-ID: CVE-2014-9298 Description: Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.000
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/100005&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-7817 D****escription: GNU C Library (glibc) could allow a local attacker to execute arbitrary commands on the system, caused by an error in the wordexp() function. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98852 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2014-9750 Description: NTP NTPd could allow a remote attacker to obtain sensitive information, caused by an error in ntp_crypto.c when Autokey Authentication is enabled. By sending a malformed packet, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base Score: 4.800
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109527&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVE-ID: CVE-2014-9751 Description: Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the failure to properly determine whether a source IP address is an IPv6 loopback address by the read_network_packet function. By sending a specially crafted packet, an attacker could exploit this vulnerability to spoof restricted packets.
CVSS Base Score: 5.300
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109548&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Version

| CVE
—|—
IBM Netezza Host Management 5.3.2.1 (and prior releases)| CVE-2014-9297
CVE-2014-9298
IBM Netezza Host Management 5.3.3.0 (and prior releases)| CVE-2014-7817
IBM Netezza Host Management 5.3.10.1 (and prior releases)| CVE-2014-9750
CVE-2014-9751

Remediation/Fixes

To resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) 6.x, and for the most up-to-date software for the Netezza host operating system, update to the latest IBM Netezza Host Management release:

IBM Netezza Host Management 5.4.2.0 Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:

CPENameOperatorVersion
ibm puredata systemeq1.0.0

Related

openvas 36
cve 8
prion 8
nessus 46
centos 4
redhat 4
osv 5
f5 7
ubuntucve 6
ibm 17
debian 7
ubuntu 2
securityvulns 5
mageia 2
archlinux 2
amazon 2
veracode 10
oraclelinux 5
suse 5
debiancve 6
fedora 6
ics 2
cisco 1
cert 1
aix 1
freebsd_advisory 1
openvas
openvas
Debian: Security Advisory (DLA-149-1)
2023-03-08 00:00:00
RedHat Update for ntp RHSA-2015:2231-04
2015-11-20 00:00:00
Debian: Security Advisory (DSA-3154-2)
2015-02-04 00:00:00
cve
cve
CVE-2014-9298
2015-10-06 01:59:00
CVE-2014-9297
2015-10-06 01:59:00
CVE-2014-9751
2015-10-06 01:59:00
prion
prion
Design/Logic Flaw
2015-10-06 01:59:00
Design/Logic Flaw
2015-10-06 01:59:00
Authentication flaw
2015-10-06 01:59:00
nessus
nessus
Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
CentOS 6 : ntp (CESA-2015:1459)
2015-07-28 00:00:00
RHEL 7 : ntp (RHSA-2015:2231)
2015-11-20 00:00:00
centos
centos
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
ntp, ntpdate security update
2015-07-26 14:13:05
glibc, nscd security update
2014-12-19 12:43:11
redhat
redhat
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2014:2023) Moderate: glibc security and bug fix update
2014-12-18 00:00:00
osv
osv
ntp - security update
2015-02-05 00:00:00
ntp - incomplete fix
2015-02-05 00:00:00
ntp - security update
2015-02-07 00:00:00
f5
f5
K16393 : NTP vulnerability CVE-2014-9751
2015-11-07 00:00:00
SOL16392 - NTP vulnerability CVE-2014-9750
2015-04-09 00:00:00
K16392 : NTP vulnerability CVE-2014-9750
2015-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2014-9751
2015-10-06 00:00:00
CVE-2014-9750
2015-10-06 00:00:00
CVE-2015-7691
2015-10-22 00:00:00
ibm
ibm
Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751)
2018-06-18 01:30:30
Security Bulletin: Vulnerabilities in NTP Affect Power Hardware Management Console (CVE-2014-9297, CVE-2014-9298)
2021-09-23 01:31:39
Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM
2018-06-18 01:30:44
debian
debian
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
[SECURITY] [DLA 149-1] ntp security update
2015-02-07 15:26:18
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
ubuntu
ubuntu
NTP vulnerabilities
2015-02-09 00:00:00
GNU C Library vulnerabilities
2014-12-03 00:00:00
securityvulns
securityvulns
[USN-2497-1] NTP vulnerabilities
2015-02-11 00:00:00
GNU glibc code execution
2014-11-30 00:00:00
[ MDVSA-2014:232 ] glibc
2014-11-30 00:00:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-02-11 23:47:51
Updated glibc packages fix CVE-2014-7817
2014-11-26 20:29:06
archlinux
archlinux
ntp: multiple issues
2015-02-06 00:00:00
glibc: command execution
2014-11-21 00:00:00
amazon
amazon
Medium: ntp
2015-03-23 08:31:00
Medium: glibc
2015-01-08 12:38:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:41:07
Man-in-the-Middle (MitM)
2019-05-02 05:41:08
Improper Input Validation And Arbitary Code Injection
2019-05-02 05:41:07
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
glibc security and bug fix update
2015-01-07 00:00:00
suse
suse
Security update for ntp (important)
2015-02-12 03:06:04
Security update for ntp (important)
2015-02-12 21:04:54
Security update for xntp (important)
2015-02-19 01:05:02
debiancve
debiancve
CVE-2014-9751
2015-10-06 01:59:00
CVE-2014-9750
2015-10-06 01:59:00
CVE-2014-7817
2014-11-24 15:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-20.fc20
2015-02-15 03:17:24
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-27.fc21
2015-02-15 03:25:41
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
ics
ics
Network Time Protocol Vulnerabilities (Update B)
2018-09-10 12:00:00
Network Time Protocol Vulnerabilities (Update C)
2018-08-29 12:00:00
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
2014-12-22 16:00:00
cert
cert
NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)
2014-12-19 00:00:00
aix
aix
Vulnerabilities in NTPv4 affect AIX,Vulnerabilities in NTPv4 affect VIOS
2015-06-29 10:00:16
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:07.ntp
2015-04-07 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for C07B22EADF090CC9AAC7EB1364B467F03118CFA06DA1B103743ADFC12C0BE972
openvas36cve8prion8nessus46centos4redhat4osv5f57ubuntucve6ibm17debian7ubuntu2securityvulns5mageia2archlinux2amazon2veracode10oraclelinux5suse5debiancve6fedora6ics2cisco1cert1aix1freebsd_advisory1