Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL16393.NASLHistoryOct 05, 2015 - 12:00 a.m.
F5 Networks BIG-IP : NTP vulnerability (K16393)
2015-10-0500:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
Some kernels do not offer protection for ::1 source addresses on IPv6 interfaces. Since NTP’s access control mechanism is based on source address and localhost addresses generally have no restrictions, an attacker may be able to send malicious control and configuration packets by spoofing ::1 addresses from the outside. (CVE-2014-9751)
Note: The candidate number originally referenced in this article, CVE-2014-9298, was rejected because it was associated with two different issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K16393.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(86257);
script_version("2.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");
script_cve_id("CVE-2014-9298", "CVE-2014-9751");
script_bugtraq_id(72584);
script_name(english:"F5 Networks BIG-IP : NTP vulnerability (K16393)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"Some kernels do not offer protection for ::1 source addresses on IPv6
interfaces. Since NTP's access control mechanism is based on source
address and localhost addresses generally have no restrictions, an
attacker may be able to send malicious control and configuration
packets by spoofing ::1 addresses from the outside. (CVE-2014-9751)
Note: The candidate number originally referenced in this article,
CVE-2014-9298, was rejected because it was associated with two
different issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K16393"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K16393."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/05");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/05");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K16393";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.6.0","11.3.0-11.5.1");
vmatrix["AFM"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.6.0","11.4.0-11.5.1");
vmatrix["AM"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.6.0","11.0.0-11.5.1","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.6.0","11.0.0-11.5.1","10.1.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.6.0","11.0.0-11.5.1");
vmatrix["AVR"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.6.0","11.0.0-11.5.1","10.1.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.6.0","11.0.0-11.5.1","10.1.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.6.0","11.0.0-11.5.1","10.1.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.6.0","11.3.0-11.5.1");
vmatrix["PEM"]["unaffected"] = make_list("12.0.0","11.5.2-11.5.5","11.6.0HF6","11.5.3HF2");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
| f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
| f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
| f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
| f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
| f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
| f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
| f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
| f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager | |
| f5 | big-ip_wan_optimization_manager | cpe:/a:f5:big-ip_wan_optimization_manager |
Related
f5
f5
K16393 : NTP vulnerability CVE-2014-9751
2015-11-07 00:00:00
SOL16393 - NTP vulnerability CVE-2014-9751
2015-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2014-9751
2015-10-06 00:00:00
cve
cve
prion
prion
Design/Logic Flaw
2015-10-06 01:59:00
Authentication flaw
2015-10-06 01:59:00
Design/Logic Flaw
2015-10-06 01:59:00
openvas
openvas
Debian: Security Advisory (DLA-149-1)
2023-03-08 00:00:00
RedHat Update for ntp RHSA-2015:1459-01
2015-07-23 00:00:00
RedHat Update for ntp RHSA-2015:2231-04
2015-11-20 00:00:00
ibm
ibm
debiancve
debiancve
CVE-2014-9751
2015-10-06 01:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:41:07
Improper Input Validation And Arbitary Code Injection
2019-05-02 05:41:07
Man-In-The-Middle (MitM)
2019-05-02 05:41:08
nessus
nessus
Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
Oracle Linux 7 : ntp (ELSA-2015-2231)
2015-11-24 00:00:00
CentOS 7 : ntp (CESA-2015:2231)
2015-12-02 00:00:00
redhat
redhat
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
osv
osv
ntp - security update
2015-02-05 00:00:00
ntp - incomplete fix
2015-02-05 00:00:00
ntp - security update
2015-02-07 00:00:00
centos
centos
ntp, ntpdate security update
2015-07-26 14:13:05
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
ubuntu
ubuntu
NTP vulnerabilities
2015-02-09 00:00:00
securityvulns
securityvulns
[USN-2497-1] NTP vulnerabilities
2015-02-11 00:00:00
ntpd multiple security vulnerabilities
2015-02-11 00:00:00
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
2015-04-09 00:00:00
debian
debian
[SECURITY] [DLA 149-1] ntp security update
2015-02-07 15:26:34
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:14:10
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-02-11 23:47:51
archlinux
archlinux
ntp: multiple issues
2015-02-06 00:00:00
amazon
amazon
Medium: ntp
2015-03-23 08:31:00
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
suse
suse
Security update for xntp (important)
2015-02-19 01:05:02
Security update for ntp (important)
2015-02-13 19:04:50
Security update for ntp (important)
2015-02-12 03:06:04
fedora
fedora
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-27.fc21
2015-02-15 03:25:41
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-20.fc20
2015-02-15 03:17:24
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
ics
ics
Network Time Protocol Vulnerabilities (Update B)
2018-09-10 12:00:00
Network Time Protocol Vulnerabilities (Update C)
2018-08-29 12:00:00
cert
cert
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
2014-12-22 16:00:00
Related for F5_BIGIP_SOL16393.NASL