Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCF531CAC76DDBE4456F0820A7939858EA06E071B4052A5CE0992D88CE2442928
HistorySep 23, 2021 - 1:31 a.m.

Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console

2021-09-2301:31:39
www.ibm.com
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.971 High

EPSS

Percentile

99.6%

JSON

Summary

NTP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2015-7691**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107449 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7692**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107450 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7701**
DESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107444 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-7702**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107451 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7703**
DESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the “pidfile” and “driftfile” configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107445 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7704**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By sending spoofed Kiss-o’-Death packets, an attacker could exploit this vulnerability to disable NTP at a victim client.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107446 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-7705**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the rate-limiting mechanism. By “priming the pump” and sending a valid Kiss-o’-Death packet, an attacker could exploit this vulnerability to disable NTP at a victim client and prevent the client from updating its local clock.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107447 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-7848**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an multiple integer overflows when processing malicious packets. By sending a specially crafted private mode packet, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107443 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7849**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by a use-after-free in the password management functionality. By sending a specially crafted key file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107442 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-7850**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107441 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7851**
DESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the save_config function containing directory traversal sequences to view arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107440 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-7852**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by thecookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107439 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-7853**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107438 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-7854**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the password management functionality. By using a specially crafted key file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107437 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-7855**
DESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107448 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7871**
DESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to bypass restrictions, caused by a logic error when handling specific crypto-NAK packets. By sending an NTP symmetric active crypto-NAK packet, an attacker could exploit this vulnerability to bypass the symmetric association authentication process and make arbitrary changes to system time.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107436 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)

Affected Products and Versions

Version

|

CVE List

—|—

Power HMC V7.7.9.0

| CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871

Power HMC V8.8.6.0

| CVE-2015-7703 CVE-2015-8158 CVE-2015-5196 CVE-2015-7979 CVE-2015-5219 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 CVE-2015-7701 CVE-2015-7852 CVE-2015-7974

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V7.7.9.0 SP3

|

MB03737

|

Apply eFix MH01605

Power HMC

|

V8.8.6.0

|

MB04060

|

Apply eFix MH01674

Workarounds and Mitigations

None

Related

archlinux 1
nessus 58
freebsd 1
arista 1
ibm 12
openvas 33
cisco 1
slackware 1
freebsd_advisory 1
symantec 1
securityvulns 2
aix 1
ubuntu 1
suse 4
fedora 6
mageia 3
osv 2
debian 2
redhat 2
amazon 2
centos 2
f5 15
oraclelinux 2
gentoo 1
ics 3
ubuntucve 10
cve 7
prion 8
talos 7
debiancve 7
citrix 1
veracode 1
archlinux
archlinux
ntp: multiple issues
2015-10-22 00:00:00
nessus
nessus
openSUSE Security Update : ntp (openSUSE-2015-767)
2015-11-20 00:00:00
FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)
2015-10-22 00:00:00
SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)
2015-11-23 00:00:00
freebsd
freebsd
ntp -- 13 low- and medium-severity vulnerabilities
2015-10-21 00:00:00
arista
arista
Security Advisory 0016
2015-11-04 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module
2019-01-31 02:25:02
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple vulnerabilities in ntp
2018-06-18 01:30:29
Security Bulletin: Vulnerabilities in NTP affect PowerKVM
2018-06-18 01:34:47
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:2058-1)
2021-06-09 00:00:00
Multiple Vulnerabilities in ntpd Affecting Cisco Products (Oct 2015)
2016-05-09 00:00:00
NTP.org 'ntpd' 'decodenetnum' And 'loop counter underrun' DoS Vulnerabilities
2016-11-29 00:00:00
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
2015-10-21 23:00:00
slackware
slackware
[slackware-security] ntp
2015-10-29 22:49:05
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:25.ntp
2015-10-26 00:00:00
symantec
symantec
SA103 : October 2015 NTP Security Vulnerabilities
2015-11-24 08:00:00
securityvulns
securityvulns
ntp multiple security vulnerabilities
2015-11-01 00:00:00
[USN-2783-1] NTP vulnerabilities
2015-11-01 00:00:00
aix
aix
Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS
2016-01-21 09:13:20
ubuntu
ubuntu
NTP vulnerabilities
2015-10-27 00:00:00
suse
suse
Security update for ntp (important)
2016-05-06 13:07:50
Security update for ntp (important)
2016-05-17 15:09:17
Security update for ntp (important)
2016-07-29 19:08:48
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-34.fc23
2015-11-02 18:55:43
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-36.fc22
2016-02-21 02:33:52
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-34.fc21
2015-11-04 22:51:44
mageia
mageia
Updated ntp packages fixes security vulnerabilities
2015-10-26 00:50:36
Updated ntp package fixes security vulnerabilities
2015-10-30 23:11:10
Updated ntp packages fix security vulnerabilities
2015-09-08 20:55:59
osv
osv
ntp - security update
2015-10-28 00:00:00
ntp - security update
2015-11-01 00:00:00
debian
debian
[SECURITY] [DLA 335-1] ntp security update
2015-10-28 20:45:05
[SECURITY] [DSA 3388-1] ntp security update
2015-11-01 22:20:55
redhat
redhat
(RHSA-2016:2583) Moderate: ntp security and bug fix update
2016-11-03 06:07:15
(RHSA-2016:0780) Moderate: ntp security and bug fix update
2016-05-10 06:42:20
amazon
amazon
Important: ntp
2015-10-27 16:42:00
Important: ntp
2016-02-09 13:30:00
centos
centos
ntp, ntpdate, sntp security update
2016-11-25 16:00:55
ntp, ntpdate security update
2016-05-16 10:19:19
f5
f5
SOL17530 - NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702
2015-11-02 00:00:00
K17530 : NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702
2015-11-05 00:00:00
K17522 : NTP vulnerability CVE-2015-7851
2015-11-10 00:00:00
oraclelinux
oraclelinux
ntp security and bug fix update
2016-11-09 00:00:00
ntp security and bug fix update
2016-05-12 00:00:00
gentoo
gentoo
NTP: Multiple vulnerabilities
2016-07-20 00:00:00
ics
ics
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
2018-08-27 12:00:00
Siemens TIM 4R-IE Devices
2021-04-13 12:00:00
Rockwell Automation Stratix 5900
2017-05-10 12:00:00
ubuntucve
ubuntucve
CVE-2015-7854
2017-08-07 00:00:00
CVE-2015-7705
2015-10-22 00:00:00
CVE-2015-7703
2015-10-22 00:00:00
cve
cve
CVE-2015-5196
2015-10-23 16:59:00
CVE-2015-7849
2017-08-07 20:29:00
CVE-2015-7851
2020-01-28 17:15:00
prion
prion
Integer overflow
2017-01-06 21:59:00
Buffer overflow
2017-08-07 20:29:00
Command injection
2017-07-24 14:29:00
talos
talos
Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
2015-10-21 00:00:00
Network Time Protocol Trusted Keys Memory Corruption Vulnerability
2015-10-21 00:00:00
Network Time Protocol Password Length Memory Corruption Vulnerability
2015-10-21 00:00:00
debiancve
debiancve
CVE-2015-7854
2017-08-07 20:29:00
CVE-2015-7849
2017-08-07 20:29:00
CVE-2015-7850
2017-08-07 20:29:00
citrix
citrix
Citrix XenServer Multiple Security Updates
2017-01-25 05:00:00
veracode
veracode
Arbitrary File Write
2019-05-02 05:29:36

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.971 High

EPSS

Percentile

99.6%

JSON
Related for CF531CAC76DDBE4456F0820A7939858EA06E071B4052A5CE0992D88CE2442928
archlinux1nessus58freebsd1arista1ibm12openvas33cisco1slackware1freebsd_advisory1symantec1securityvulns2aix1ubuntu1suse4fedora6mageia3osv2debian2redhat2amazon2centos2f515oraclelinux2gentoo1ics3ubuntucve10cve7prion8talos7debiancve7citrix1veracode1