{"id": "FEDORA_2015-5761.NASL", "bulletinFamily": "scanner", "title": "Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)", "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-04-23T00:00:00", "modified": "2015-10-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83008", "reporter": "Tenable", "references": ["http://www.nessus.org/u?7e8c1ee7", "https://bugzilla.redhat.com/show_bug.cgi?id=1199435", "https://bugzilla.redhat.com/show_bug.cgi?id=1210324", "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"], "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "type": "nessus", "lastseen": "2019-02-21T01:24:03", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:21:22", "references": [{"idList": ["SSA-2015-111-08"], "type": "slackware"}, {"idList": ["NTP_ADVISORY3.ASC", "NTP4_ADVISORY.ASC"], "type": "aix"}, {"idList": ["SOL16505", "F5:K16505", "F5:K16506", "SOL16506"], "type": "f5"}, {"idList": ["THREATPOST:5769C48C396166703CD9313DCCE52178"], "type": "threatpost"}, {"idList": ["CESA-2015:2231", "CESA-2015:1459"], "type": "centos"}, {"idList": ["VU:374268"], "type": "cert"}, {"idList": ["DEBIAN:DLA-192-1:FEA6C", "DEBIAN:DSA-3223-1:2BB15"], "type": "debian"}, {"idList": ["RHSA-2015:2231", "RHSA-2015:1459"], "type": "redhat"}, {"idList": ["GLSA-201509-01"], "type": "gentoo"}, {"idList": ["DEBIAN_DLA-192.NASL", "MANDRIVA_MDVSA-2015-202.NASL", "SLACKWARE_SSA_2015-111-08.NASL", "OPENSUSE-2015-330.NASL", "CISCO-SA-20150408-NTPD-IOSXE.NASL", "ALA_ALAS-2015-520.NASL", "FREEBSD_PKG_EBD84C96DD7E11E4854E3C970E169BC2.NASL", "FEDORA_2015-5874.NASL", "CISCO-SA-20150408-NTPD-IOS.NASL", "UBUNTU_USN-2567-1.NASL"], "type": "nessus"}, {"idList": ["EBD84C96-DD7E-11E4-854E-3C970E169BC2"], "type": "freebsd"}, {"idList": ["SUSE-SU-2016:1912-1", "SUSE-SU-2016:2094-1", "SUSE-SU-2015:1173-1"], "type": "suse"}, {"idList": ["CVE-2015-1799", "CVE-2015-1798"], "type": "cve"}, {"idList": ["ALAS-2015-520"], "type": "amazon"}, {"idList": ["CISCO-SA-20150408-NTPD", "CISCO-SA-20150408-CVE-2015-1799", "CISCO-SA-20150408-CVE-2015-1798"], "type": "cisco"}, {"idList": ["OPENVAS:703223", "OPENVAS:1361412562310121407", "OPENVAS:1361412562310703223", "OPENVAS:1361412562310105677", "OPENVAS:1361412562310869285", "OPENVAS:1361412562310842167", "OPENVAS:1361412562310120060", "OPENVAS:1361412562310123068", "OPENVAS:1361412562310871405", "OPENVAS:1361412562310869656"], "type": "openvas"}, {"idList": ["ASA-201504-9", "ASA-201504-8"], "type": "archlinux"}, {"idList": ["ELSA-2015-2231", "ELSA-2015-1459"], "type": "oraclelinux"}, {"idList": ["SECURITYVULNS:VULN:14360", "SECURITYVULNS:VULN:14562", "SECURITYVULNS:DOC:31887", "SECURITYVULNS:DOC:32267"], "type": "securityvulns"}, {"idList": ["ICSA-17-094-04"], "type": "ics"}, {"idList": ["USN-2567-1"], "type": "ubuntu"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "e7312ef9838b852e0c932cb0122a868a6b49cdb0ec5b0e7f574c1f175aa923cf", "hashmap": [{"hash": "ea55a5f018861b6cea7d2f3ecca9616d", "key": "references"}, {"hash": "2ef7154e284db47f0a5f353e9a2976cc", "key": "pluginID"}, {"hash": "292538aeb1ca5698ccfa8c77fabc8e70", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b2d32a37ecce68acf73991034a83fd44", "key": "cpe"}, {"hash": "899d3da626a640b7e0b84fd11b72151a", "key": "description"}, {"hash": "d8336b51d9dce929d20291982dee58d5", "key": "sourceData"}, {"hash": "793802c5efe69be647e5ad328d6182b7", "key": "title"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "3110310d810944dbf1b77d4fbc340e18", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "9e8aa618908042d890401183847de928", "key": "cvelist"}, {"hash": "3a945e05d8c6638d212d07571cbc15dc", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83008", "id": "FEDORA_2015-5761.NASL", "lastseen": "2019-01-16T20:21:22", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "83008", "published": "2015-04-23T00:00:00", "references": ["http://www.nessus.org/u?7e8c1ee7", "https://bugzilla.redhat.com/show_bug.cgi?id=1199435", "https://bugzilla.redhat.com/show_bug.cgi?id=1210324", "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83008);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8c1ee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-30.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "title": "Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:21:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "ce72ebbde5bd79ab19bc8c2f1d34efc07ba212db68a681e4fb6f07c437a2814f", "hashmap": [{"hash": "ea55a5f018861b6cea7d2f3ecca9616d", "key": "references"}, {"hash": "2ef7154e284db47f0a5f353e9a2976cc", "key": "pluginID"}, {"hash": "292538aeb1ca5698ccfa8c77fabc8e70", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b2d32a37ecce68acf73991034a83fd44", "key": "cpe"}, {"hash": "d8336b51d9dce929d20291982dee58d5", "key": "sourceData"}, {"hash": "793802c5efe69be647e5ad328d6182b7", "key": "title"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "3110310d810944dbf1b77d4fbc340e18", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "9e8aa618908042d890401183847de928", "key": "cvelist"}, {"hash": "48815e4d0dd314cc5cffe85b0475d869", "key": "description"}, {"hash": "3a945e05d8c6638d212d07571cbc15dc", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83008", "id": "FEDORA_2015-5761.NASL", "lastseen": "2017-10-29T13:44:47", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "83008", "published": "2015-04-23T00:00:00", "references": ["http://www.nessus.org/u?7e8c1ee7", "https://bugzilla.redhat.com/show_bug.cgi?id=1199435", "https://bugzilla.redhat.com/show_bug.cgi?id=1210324", "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83008);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8c1ee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-30.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "title": "Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:44:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "ce72ebbde5bd79ab19bc8c2f1d34efc07ba212db68a681e4fb6f07c437a2814f", "hashmap": [{"hash": "ea55a5f018861b6cea7d2f3ecca9616d", "key": "references"}, {"hash": "2ef7154e284db47f0a5f353e9a2976cc", "key": "pluginID"}, {"hash": "292538aeb1ca5698ccfa8c77fabc8e70", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b2d32a37ecce68acf73991034a83fd44", "key": "cpe"}, {"hash": "d8336b51d9dce929d20291982dee58d5", "key": "sourceData"}, {"hash": "793802c5efe69be647e5ad328d6182b7", "key": "title"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "3110310d810944dbf1b77d4fbc340e18", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "9e8aa618908042d890401183847de928", "key": "cvelist"}, {"hash": "48815e4d0dd314cc5cffe85b0475d869", "key": "description"}, {"hash": "3a945e05d8c6638d212d07571cbc15dc", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83008", "id": "FEDORA_2015-5761.NASL", "lastseen": "2018-09-02T00:07:22", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "83008", "published": "2015-04-23T00:00:00", "references": ["http://www.nessus.org/u?7e8c1ee7", "https://bugzilla.redhat.com/show_bug.cgi?id=1199435", "https://bugzilla.redhat.com/show_bug.cgi?id=1210324", "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83008);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8c1ee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-30.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "title": "Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-02T00:07:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "2cc939edba1c5134e3c779df1e520030a5caa30fe6b4aada0edbb9b926000500", "hashmap": [{"hash": "ea55a5f018861b6cea7d2f3ecca9616d", "key": "references"}, {"hash": "2ef7154e284db47f0a5f353e9a2976cc", "key": "pluginID"}, {"hash": "292538aeb1ca5698ccfa8c77fabc8e70", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d8336b51d9dce929d20291982dee58d5", "key": "sourceData"}, {"hash": "793802c5efe69be647e5ad328d6182b7", "key": "title"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "3110310d810944dbf1b77d4fbc340e18", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "9e8aa618908042d890401183847de928", "key": "cvelist"}, {"hash": "48815e4d0dd314cc5cffe85b0475d869", "key": "description"}, {"hash": "3a945e05d8c6638d212d07571cbc15dc", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83008", "id": "FEDORA_2015-5761.NASL", "lastseen": "2016-09-26T17:26:26", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "83008", "published": "2015-04-23T00:00:00", "references": ["http://www.nessus.org/u?7e8c1ee7", "https://bugzilla.redhat.com/show_bug.cgi?id=1199435", "https://bugzilla.redhat.com/show_bug.cgi?id=1210324", "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83008);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8c1ee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-30.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "title": "Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-1799", "CVE-2015-1798"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "51c78e2b081f9c20c631de49853d563aa55b7ae2659165898f6327efd3b027cd", "hashmap": [{"hash": "ea55a5f018861b6cea7d2f3ecca9616d", "key": "references"}, {"hash": "2ef7154e284db47f0a5f353e9a2976cc", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b2d32a37ecce68acf73991034a83fd44", "key": "cpe"}, {"hash": "d8336b51d9dce929d20291982dee58d5", "key": "sourceData"}, {"hash": "793802c5efe69be647e5ad328d6182b7", "key": "title"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "3110310d810944dbf1b77d4fbc340e18", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "9e8aa618908042d890401183847de928", "key": "cvelist"}, {"hash": "48815e4d0dd314cc5cffe85b0475d869", "key": "description"}, {"hash": "3a945e05d8c6638d212d07571cbc15dc", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83008", "id": "FEDORA_2015-5761.NASL", "lastseen": "2018-08-30T19:56:12", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "83008", "published": "2015-04-23T00:00:00", "references": ["http://www.nessus.org/u?7e8c1ee7", "https://bugzilla.redhat.com/show_bug.cgi?id=1199435", "https://bugzilla.redhat.com/show_bug.cgi?id=1210324", "https://bugzilla.redhat.com/show_bug.cgi?id=1199430"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83008);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8c1ee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-30.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "title": "Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:56:12"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b2d32a37ecce68acf73991034a83fd44"}, {"key": "cvelist", "hash": "9e8aa618908042d890401183847de928"}, {"key": "cvss", "hash": "292538aeb1ca5698ccfa8c77fabc8e70"}, {"key": "description", "hash": "48815e4d0dd314cc5cffe85b0475d869"}, {"key": "href", "hash": "3a945e05d8c6638d212d07571cbc15dc"}, {"key": "modified", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "2ef7154e284db47f0a5f353e9a2976cc"}, {"key": "published", "hash": "3110310d810944dbf1b77d4fbc340e18"}, {"key": "references", "hash": "ea55a5f018861b6cea7d2f3ecca9616d"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "d8336b51d9dce929d20291982dee58d5"}, {"key": "title", "hash": "793802c5efe69be647e5ad328d6182b7"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ce72ebbde5bd79ab19bc8c2f1d34efc07ba212db68a681e4fb6f07c437a2814f", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1799", "CVE-2015-1798"]}, {"type": "f5", "idList": ["F5:K16506", "F5:K16505", "SOL16506", "SOL16505"]}, {"type": "nessus", "idList": ["SLACKWARE_SSA_2015-111-08.NASL", "UBUNTU_USN-2567-1.NASL", "FREEBSD_PKG_EBD84C96DD7E11E4854E3C970E169BC2.NASL", "ALA_ALAS-2015-520.NASL", "CISCO-SA-20150408-NTPD-IOSXE.NASL", "DEBIAN_DLA-192.NASL", "FEDORA_2015-5874.NASL", "OPENSUSE-2015-330.NASL", "MANDRIVA_MDVSA-2015-202.NASL", "CISCO-SA-20150408-NTPD-IOS.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14360", "SECURITYVULNS:DOC:31887", "SECURITYVULNS:DOC:32267", "SECURITYVULNS:VULN:14562"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3223-1:2BB15", "DEBIAN:DLA-192-1:FEA6C"]}, {"type": "freebsd", "idList": ["EBD84C96-DD7E-11E4-854E-3C970E169BC2"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842167", "OPENVAS:703223", "OPENVAS:1361412562310703223", "OPENVAS:1361412562310105677", "OPENVAS:1361412562310120060", "OPENVAS:1361412562310869656", "OPENVAS:1361412562310121407", "OPENVAS:1361412562310123068", "OPENVAS:1361412562310871405", "OPENVAS:1361412562310869285"]}, {"type": "archlinux", "idList": ["ASA-201504-8", "ASA-201504-9"]}, {"type": "slackware", "idList": ["SSA-2015-111-08"]}, {"type": "cert", "idList": ["VU:374268"]}, {"type": "ubuntu", "idList": ["USN-2567-1"]}, {"type": "cisco", "idList": ["CISCO-SA-20150408-NTPD", "CISCO-SA-20150408-CVE-2015-1798", "CISCO-SA-20150408-CVE-2015-1799"]}, {"type": "amazon", "idList": ["ALAS-2015-520"]}, {"type": "gentoo", "idList": ["GLSA-201509-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1459", "ELSA-2015-2231"]}, {"type": "redhat", "idList": ["RHSA-2015:1459", "RHSA-2015:2231"]}, {"type": "aix", "idList": ["NTP_ADVISORY3.ASC", "NTP4_ADVISORY.ASC"]}, {"type": "threatpost", "idList": ["THREATPOST:5769C48C396166703CD9313DCCE52178"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1173-1", "SUSE-SU-2016:1912-1", "SUSE-SU-2016:2094-1"]}, {"type": "centos", "idList": ["CESA-2015:2231", "CESA-2015:1459"]}, {"type": "ics", "idList": ["ICSA-17-094-04"]}], "modified": "2019-02-21T01:24:03"}, "score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5761.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83008);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n\n script_name(english:\"Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e8c1ee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ntp-4.2.6p5-30.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "83008", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:22"], "scheme": null}

{"cve": [{"lastseen": "2018-01-05T11:51:35", "bulletinFamily": "NVD", "description": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.", "modified": "2018-01-04T21:30:00", "published": "2015-04-08T06:59:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1799", "id": "CVE-2015-1799", "title": "CVE-2015-1799", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:35", "bulletinFamily": "NVD", "description": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.", "modified": "2018-01-04T21:30:00", "published": "2015-04-08T06:59:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1798", "id": "CVE-2015-1798", "title": "CVE-2015-1798", "type": "cve", "cvss": {"score": 1.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:20", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 515347 (BIG-IP), ID 517524 (BIG-IQ), and ID 517526 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H519461-1 on the **Diagnostics **&gt; **Identified **&gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Low| NTP daemon \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0| Low| NTP daemon \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0| Low| NTP daemon \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0| Low| NTP daemon \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Low| NTP daemon \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Low| NTP daemon \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| NTP daemon \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| NTP daemon \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0| Low| NTP daemon \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0| Low| NTP daemon \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| NTP daemon \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| NTP daemon \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| NTP daemon \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1 HF5| 3.1.1 HF6| Low| NTP daemon \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| NTP daemon \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| NTP daemon \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| NTP daemon \nBIG-IQ ADC| 4.5.0| None| Low| NTP daemon \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Low| NTP daemon \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| NTP daemon \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.1 \n1.6.0 - 1.6.4| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can revert any NTP symmetric authentication configuration customizations that exposed the vulnerability.\n\n**Impact of action:** The impact of the suggested workaround will depend on the specific environment. F5 recommends that you test any such changes during a maintenance window, and consider the possible impact on your specific environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-14T19:23:00", "published": "2015-04-24T21:07:00", "id": "F5:K16506", "href": "https://support.f5.com/csp/article/K16506", "title": "NTP vulnerability CVE-2015-1799", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:20", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 515345 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H519461 on the **Diagnostics **&gt; **Identified **&gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes \n10.1.0 - 10.2.4| Low| NTP daemon \nBIG-IP AAM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes| Low| NTP daemon \nBIG-IP AFM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes| Low| NTP daemon \nBIG-IP Analytics| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes| Low| NTP daemon \nBIG-IP APM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes \n10.1.0 - 10.2.4| Low| NTP daemon \nBIG-IP ASM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes \n10.1.0 - 10.2.4| Low| NTP daemon \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes \n10.1.0 - 10.2.4| Low| NTP daemon \nBIG-IP Link Controller| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes \n10.1.0 - 10.2.4| Low| NTP daemon \nBIG-IP PEM| 11.6.0 HF4, 11.6.0 HF5 \n11.5.3| 12.0.0 \n11.0.0 - 11.5.2, 11.5.4, 11.6.0 HF3, 11.6.0 HF6 and later hotfixes| Low| NTP daemon \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| NTP daemon \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you can revert any NTP configuration customizations that exposed the vulnerability.\n\n**Impact of action:** The impact of the suggested workaround will depend on the specific environment. F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K3122: Using the BIG-IP Configuration utility to add an NTP server](<https://support.f5.com/csp/article/K3122>)\n * [K14120: Defining advanced NTP configurations on the BIG-IP system (11.x - 12.x)](<https://support.f5.com/csp/article/K14120>)\n * [K11237: Defining advanced NTP configurations on the BIG-IP system (9.x - 10.x)](<https://support.f5.com/csp/article/K11237>)\n", "modified": "2017-03-14T19:23:00", "published": "2015-04-24T01:54:00", "href": "https://support.f5.com/csp/article/K16505", "id": "F5:K16505", "title": "NTP vulnerability CVE-2015-1798", "type": "f5", "cvss": {"score": 1.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:11", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can revert any NTP symmetric authentication configuration customizations that exposed the vulnerability.\n\n**Impact of action:** The impact of the suggested workaround will depend on the specific environment. F5 recommends that you test any such changes during a maintenance window, and consider the possible impact on your specific environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-22T00:00:00", "published": "2015-04-24T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/500/sol16506.html", "id": "SOL16506", "title": "SOL16506 - NTP vulnerability CVE-2015-1799", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-03-29T21:02:20", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can revert any NTP configuration customizations that exposed the vulnerability.\n\n**Impact of action:** The impact of the suggested workaround will depend on the specific environment. F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL3122: Using the BIG-IP Configuration utility to add an NTP server\n * SOL14120: Defining advanced NTP configurations on the BIG-IP system (11.x - 12.x)\n * SOL11237: Defining advanced NTP configurations on the BIG-IP system (9.x - 10.x)\n", "modified": "2016-03-29T00:00:00", "published": "2015-04-23T00:00:00", "id": "SOL16505", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/500/sol16505.html", "title": "SOL16505 - NTP vulnerability CVE-2015-1798", "type": "f5", "cvss": {"score": 1.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:24:06", "bulletinFamily": "scanner", "description": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.\n(CVE-2015-1798)\n\nThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.\n(CVE-2015-1799)\n\nThis update also addresses leap-second handling. With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied. See this forum post for more information on the Amazon Linux AMI's leap-second handling.", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2015-520.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83271", "published": "2015-05-07T00:00:00", "title": "Amazon Linux AMI : ntp (ALAS-2015-520)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-520.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83271);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_xref(name:\"ALAS\", value:\"2015-520\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2015-520)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The symmetric-key feature in the receive function in ntp_proto.c in\nntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC\nfield has a nonzero length, which makes it easier for\nman-in-the-middle attackers to spoof packets by omitting the MAC.\n(CVE-2015-1798)\n\nThe symmetric-key feature in the receive function in ntp_proto.c in\nntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates\nupon receiving certain invalid packets, which makes it easier for\nman-in-the-middle attackers to cause a denial of service\n(synchronization loss) by spoofing the source IP address of a peer.\n(CVE-2015-1799)\n\nThis update also addresses leap-second handling. With older ntp\nversions, the -x option was sometimes used as a workaround to avoid\nkernel inserting/deleting leap seconds by stepping the clock and\npossibly upsetting running applications. That no longer works with\n4.2.6 as ntpd steps the clock itself when a leap second occurs. The\nfix is to treat the one second offset gained during leap second as a\nnormal offset and check the stepping threshold (set by -x or tinker\nstep) to decide if a step should be applied. See this forum post for\nmore information on the Amazon Linux AMI's leap-second handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://forums.aws.amazon.com/ann.jspa?annID=3064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-520.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-30.24.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-30.24.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:12", "bulletinFamily": "scanner", "description": "According to its self-reported version, the IOS XE is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.", "modified": "2018-04-10T00:00:00", "id": "CISCO-SA-20150408-NTPD-IOSXE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108955", "published": "2018-04-10T00:00:00", "title": "Cisco IOS XE Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108955);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/04/10\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut77619\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150408-ntpd\");\n\n script_name(english:\"Cisco IOS XE Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)\");\n script_summary(english:\"Checks the IOS XE version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IOS XE is affected\nby one or more vulnerabilities. Please see the included Cisco BIDs\nand the Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7aaf9b51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut77619\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)\nCSCut77619.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cpe:/o:cisco:ios_xe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xe_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_workarounds.inc\");\ninclude(\"ccf.inc\");\n\nproduct_info = cisco::get_product_info(name:\"Cisco IOS XE Software\");\n\nversion_list = make_list(\n \"2.3.0\",\n \"2.3.0t\",\n \"2.3.1t\",\n \"2.3.2\",\n \"2.3.1\",\n \"2.4.0\",\n \"2.4.1\",\n \"2.4.2\",\n \"2.4.3\",\n \"2.1.0\",\n \"2.1.1\",\n \"2.1.2\",\n \"2.2.1\",\n \"2.2.2\",\n \"2.2.3\",\n \"2.2.0\",\n \"2.5.0\",\n \"2.5.1\",\n \"2.5.2\",\n \"2.6.0\",\n \"2.6.1\",\n \"2.6.2\",\n \"3.1.0S\",\n \"3.1.1S\",\n \"3.1.2S\",\n \"3.1.3S\",\n \"3.1.4S\",\n \"3.1.5S\",\n \"3.1.6S\",\n \"3.1.4aS\",\n \"3.1.3aS\",\n \"3.2.0S\",\n \"3.2.1S\",\n \"3.2.2S\",\n \"3.2.3S\",\n \"3.3.0S\",\n \"3.3.1S\",\n \"3.3.2S\",\n \"3.4.0S\",\n \"3.4.1S\",\n \"3.4.2S\",\n \"3.4.3S\",\n \"3.4.4S\",\n \"3.4.5S\",\n \"3.4.6S\",\n \"3.4.0aS\",\n \"3.1.1SG\",\n \"3.1.0SG\",\n \"3.2.0SG\",\n \"3.2.1SG\",\n \"3.2.2SG\",\n \"3.2.3SG\",\n \"3.2.4SG\",\n \"3.2.5SG\",\n \"3.2.6SG\",\n \"3.2.7SG\",\n \"3.2.8SG\",\n \"3.2.9SG\",\n \"3.2.10SG\",\n \"3.2.11SG\",\n \"3.5.0S\",\n \"3.5.1S\",\n \"3.5.2S\",\n \"3.6.0S\",\n \"3.6.1S\",\n \"3.6.2S\",\n \"3.7.0S\",\n \"3.7.1S\",\n \"3.7.2S\",\n \"3.7.3S\",\n \"3.7.4S\",\n \"3.7.5S\",\n \"3.7.6S\",\n \"3.7.7S\",\n \"3.7.4aS\",\n \"3.7.2tS\",\n \"3.2.0XO\",\n \"3.2.1XO\",\n \"3.3.0SG\",\n \"3.3.2SG\",\n \"3.3.1SG\",\n \"3.8.0S\",\n \"3.8.1S\",\n \"3.8.2S\",\n \"3.9.1S\",\n \"3.9.0S\",\n \"3.9.2S\",\n \"3.9.1aS\",\n \"3.9.0aS\",\n \"3.2.0SE\",\n \"3.2.1SE\",\n \"3.2.2SE\",\n \"3.2.3SE\",\n \"3.3.0SE\",\n \"3.3.1SE\",\n \"3.4.0SG\",\n \"3.4.2SG\",\n \"3.4.1SG\",\n \"3.4.3SG\",\n \"3.4.4SG\",\n \"3.4.5SG\",\n \"3.4.6SG\",\n \"3.4.7aSG\",\n \"3.5.0E\",\n \"3.5.1E\",\n \"3.5.2E\",\n \"3.5.3E\",\n \"3.10.0S\",\n \"3.10.1S\",\n \"3.10.2S\",\n \"3.10.0aS\",\n \"3.10.3S\",\n \"3.10.4S\",\n \"3.10.5S\",\n \"3.10.6S\",\n \"3.10.7S\",\n \"3.10.1xbS\",\n \"3.11.1S\",\n \"3.11.2S\",\n \"3.11.0S\",\n \"3.11.3S\",\n \"3.11.4S\",\n \"3.12.0S\",\n \"3.12.1S\",\n \"3.12.2S\",\n \"3.12.3S\",\n \"3.12.4S\",\n \"3.13.0S\",\n \"3.13.1S\",\n \"3.13.2S\",\n \"3.13.3S\",\n \"3.13.2aS\",\n \"3.13.0aS\",\n \"3.13.5aS\",\n \"3.13.7aS\",\n \"3.6.0E\",\n \"3.6.1E\",\n \"3.6.2aE\",\n \"3.6.2E\",\n \"3.6.3E\",\n \"3.6.5bE\",\n \"3.14.0S\",\n \"3.14.1S\",\n \"3.14.2S\",\n \"3.15.0S\",\n \"3.15.1S\",\n \"3.15.1cS\",\n \"3.3.0SQ\",\n \"3.3.1SQ\",\n \"3.4.0SQ\",\n \"3.4.1SQ\",\n \"3.7.0E\",\n \"3.7.1E\",\n \"3.7.2E\",\n \"3.5.0SQ\",\n \"3.5.1SQ\",\n \"3.5.2SQ\",\n \"3.5.3SQ\",\n \"3.5.4SQ\",\n \"3.5.5SQ\",\n \"3.5.6SQ\",\n \"3.5.7SQ\",\n \"3.16.2aS\",\n \"3.16.2bS\",\n \"3.16.3aS\",\n \"3.16.4aS\",\n \"3.16.4dS\",\n \"3.17.1aS\",\n \"3.2.0JA\",\n \"16.5.2\",\n \"3.18.0aS\",\n \"3.18.2S\",\n \"3.18.3S\",\n \"3.18.1bSP\",\n \"3.18.1cSP\",\n \"3.18.2aSP\"\n);\n\nworkarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);\nworkaround_params = make_list();\n\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'version' , product_info['version'],\n 'bug_id' , \"CSCut77619\"\n);\n\ncisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:02", "bulletinFamily": "scanner", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "modified": "2015-04-24T00:00:00", "id": "SLACKWARE_SSA_2015-111-08.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82921", "published": "2015-04-22T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-111-08)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-111-08. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82921);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/04/24 14:14:50 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"SSA\", value:\"2015-111-08\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-111-08)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.522767\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b291cd92\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:59", "bulletinFamily": "scanner", "description": "Miroslav Lichvar discovered that NTP incorrectly validated MAC fields.\nA remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-1799)\n\nJuergen Perlinger discovered that NTP incorrectly generated MD5 keys on big-endian platforms. This issue could either cause ntp-keygen to hang, or could result in non-random keys. (CVE number pending).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2567-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82765", "published": "2015-04-14T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2567-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2567-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82765);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"USN\", value:\"2567-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2567-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Miroslav Lichvar discovered that NTP incorrectly validated MAC fields.\nA remote attacker could possibly use this issue to bypass\nauthentication and spoof packets. (CVE-2015-1798)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\ninvalid packets. A remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2015-1799)\n\nJuergen Perlinger discovered that NTP incorrectly generated MD5 keys\non big-endian platforms. This issue could either cause ntp-keygen to\nhang, or could result in non-random keys. (CVE number pending).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2567-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"ntp\", pkgver:\"1:4.2.6.p3+dfsg-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ntp\", pkgver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.3\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"ntp\", pkgver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.10.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:54", "bulletinFamily": "scanner", "description": "ntp.org reports :\n\n- [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.\n\n- [Sec 2781] Authentication doesn't protect symmetric associations against DoS attacks.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_EBD84C96DD7E11E4854E3C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82631", "published": "2015-04-08T00:00:00", "title": "FreeBSD : ntp -- multiple vulnerabilities (ebd84c96-dd7e-11e4-854e-3c970e169bc2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82631);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:07.ntp\");\n\n script_name(english:\"FreeBSD : ntp -- multiple vulnerabilities (ebd84c96-dd7e-11e4-854e-3c970e169bc2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ntp.org reports :\n\n- [Sec 2779] ntpd accepts unauthenticated packets with symmetric key\ncrypto.\n\n- [Sec 2781] Authentication doesn't protect symmetric associations\nagainst DoS attacks.\"\n );\n # http://archive.ntp.org/ntp4/ChangeLog-stable\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable\"\n );\n # https://vuxml.freebsd.org/freebsd/ebd84c96-dd7e-11e4-854e-3c970e169bc2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35298404\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ntp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ntp<4.2.8p2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ntp-devel<4.3.14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:57", "bulletinFamily": "scanner", "description": "Brief introduction \n\nCVE-2015-1798\n\nWhen ntpd is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not if there actually is any MAC included. Packets without a MAC are accepted as if they had a valid MAC. This allows a MITM attacker to send false packets that are accepted by the client/peer without having to know the symmetric key.\nThe attacker needs to know the transmit timestamp of the client to match it in the forged reply and the false reply needs to reach the client before the genuine reply from the server. The attacker doesn't necessarily need to be relaying the packets between the client and the server. Authentication using autokey doesn't have this problem as there is a check that requires the key ID to be larger than NTP_MAXKEY, which fails for packets without a MAC.\n\nCVE-2015-1799\n\nAn attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn't match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won't be able to synchronize to each other. This is a known denial of service attack, described at https://www.eecis.udel.edu/~mills/onwire.html . According to the document the NTP authentication is supposed to protect symmetric associations against this attack, but that doesn't seem to be the case. The state variables are updated even when authentication fails and the peers are sending packets with originate timestamps that don't match the transmit timestamps on the receiving side.\n\nntp-keygen on big endian hosts\n\nUsing ntp-keygen to generate an MD5 key on big endian hosts resulted in either an infite loop or an key of only 93 possible keys.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-06T00:00:00", "id": "DEBIAN_DLA-192.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82715", "published": "2015-04-13T00:00:00", "title": "Debian DLA-192-1 : ntp security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82715);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n\n script_name(english:\"Debian DLA-192-1 : ntp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brief introduction \n\nCVE-2015-1798\n\nWhen ntpd is configured to use a symmetric key to authenticate a\nremote NTP server/peer, it checks if the NTP message authentication\ncode (MAC) in received packets is valid, but not if there actually is\nany MAC included. Packets without a MAC are accepted as if they had a\nvalid MAC. This allows a MITM attacker to send false packets that are\naccepted by the client/peer without having to know the symmetric key.\nThe attacker needs to know the transmit timestamp of the client to\nmatch it in the forged reply and the false reply needs to reach the\nclient before the genuine reply from the server. The attacker doesn't\nnecessarily need to be relaying the packets between the client and the\nserver. Authentication using autokey doesn't have this problem as\nthere is a check that requires the key ID to be larger than\nNTP_MAXKEY, which fails for packets without a MAC.\n\nCVE-2015-1799\n\nAn attacker knowing that NTP hosts A and B are peering with each other\n(symmetric association) can send a packet to host A with source\naddress of B which will set the NTP state variables on A to the values\nsent by the attacker. Host A will then send on its next poll to B a\npacket with originate timestamp that doesn't match the transmit\ntimestamp of B and the packet will be dropped. If the attacker does\nthis periodically for both hosts, they won't be able to synchronize to\neach other. This is a known denial of service attack, described at\nhttps://www.eecis.udel.edu/~mills/onwire.html . According to the\ndocument the NTP authentication is supposed to protect symmetric\nassociations against this attack, but that doesn't seem to be the\ncase. The state variables are updated even when authentication fails\nand the peers are sending packets with originate timestamps that don't\nmatch the transmit timestamps on the receiving side.\n\nntp-keygen on big endian hosts\n\nUsing ntp-keygen to generate an MD5 key on big endian hosts resulted\nin either an infite loop or an key of only 93 possible keys.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/ntp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.eecis.udel.edu/~mills/onwire.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected ntp, ntp-doc, and ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"ntp\", reference:\"1:4.2.6.p2+dfsg-1+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ntp-doc\", reference:\"1:4.2.6.p2+dfsg-1+deb6u3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ntpdate\", reference:\"1:4.2.6.p2+dfsg-1+deb6u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:58", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been found and corrected in ntp :\n\nThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (CVE-2015-1798).\n\nThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (CVE-2015-1799).\n\nThe updated packages provides a solution for these security issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2015-202.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82737", "published": "2015-04-13T00:00:00", "title": "Mandriva Linux Security Advisory : ntp (MDVSA-2015:202)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:202. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82737);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_xref(name:\"MDVSA\", value:\"2015:202\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ntp (MDVSA-2015:202)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in ntp :\n\nThe symmetric-key feature in the receive function in ntp_proto.c in\nntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC\nfield has a nonzero length, which makes it easier for\nman-in-the-middle attackers to spoof packets by omitting the MAC\n(CVE-2015-1798).\n\nThe symmetric-key feature in the receive function in ntp_proto.c in\nntpd in NTP before 4.2.8p2 performs state-variable updates upon\nreceiving certain invalid packets, which makes it easier for\nman-in-the-middle attackers to cause a denial of service\n(synchronization loss) by spoofing the source IP address of a peer\n(CVE-2015-1799).\n\nThe updated packages provides a solution for these security issues.\"\n );\n # http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fec88bd0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp, ntp-client and / or ntp-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-8.4.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ntp-client-4.2.6p5-8.4.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-8.4.mbs1\")) flag++;\n\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-16.3.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"ntp-client-4.2.6p5-16.3.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"ntp-doc-4.2.6p5-16.3.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:05", "bulletinFamily": "scanner", "description": "NTP was updated to fix two security vulnerabilities :\n\n - ntpd could accept unauthenticated packets with symmetric key crypto. (CVE-2015-1798)\n\n - ntpd authentication did not protect symmetric associations against DoS attacks (CVE-2015-1799)", "modified": "2015-04-28T00:00:00", "id": "OPENSUSE-2015-330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83105", "published": "2015-04-28T00:00:00", "title": "openSUSE Security Update : ntp (openSUSE-2015-330)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83105);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/04/28 13:21:36 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2015-330)\");\n script_summary(english:\"Check for the openSUSE-2015-330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP was updated to fix two security vulnerabilities :\n\n - ntpd could accept unauthenticated packets with symmetric\n key crypto. (CVE-2015-1798)\n\n - ntpd authentication did not protect symmetric\n associations against DoS attacks (CVE-2015-1799)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924202\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-4.2.6p5-15.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-debuginfo-4.2.6p5-15.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ntp-debugsource-4.2.6p5-15.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ntp-4.2.6p5-25.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ntp-debuginfo-4.2.6p5-25.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ntp-debugsource-4.2.6p5-25.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-debugsource\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:03", "bulletinFamily": "scanner", "description": "Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2015-5874.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83010", "published": "2015-04-23T00:00:00", "title": "Fedora 20 : ntp-4.2.6p5-22.fc20 (2015-5874)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5874.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83010);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"FEDORA\", value:\"2015-5874\");\n\n script_name(english:\"Fedora 20 : ntp-4.2.6p5-22.fc20 (2015-5874)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210324\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?313a62f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"ntp-4.2.6p5-22.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:12", "bulletinFamily": "scanner", "description": "According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.", "modified": "2018-04-10T00:00:00", "id": "CISCO-SA-20150408-NTPD-IOS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=108954", "published": "2018-04-10T00:00:00", "title": "Cisco IOS Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108954);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/04/10\");\n\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_bugtraq_id(73950, 73951);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut77619\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150408-ntpd\");\n\n script_name(english:\"Cisco IOS Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)\");\n script_summary(english:\"Checks the IOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IOS is affected\nby one or more vulnerabilities. Please see the included Cisco BIDs\nand the Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7aaf9b51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut77619\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)\nCSCut77619.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cpe:/o:cisco:ios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_workarounds.inc\");\ninclude(\"ccf.inc\");\n\nproduct_info = cisco::get_product_info(name:\"Cisco IOS\");\n\nversion_list = make_list(\n \"12.1(3)XG\",\n \"12.1(3)XG6\",\n \"12.1(3)XG5\",\n \"12.1(3)XG2\",\n \"12.1(3)XG1\",\n \"12.1(3)XG4\",\n \"12.1(3)XG3\",\n \"12.1(12)\",\n \"12.1(1c)\",\n \"12.1(14)\",\n \"12.1(2a)\",\n \"12.1(7)\",\n \"12.1(9)\",\n \"12.1(4a)\",\n \"12.1(3b)\",\n \"12.1(11a)\",\n \"12.1(5b)\",\n \"12.1(6)\",\n \"12.1(4b)\",\n \"12.1(12a)\",\n \"12.1(11b)\",\n \"12.1(5)\",\n \"12.1(16)\",\n \"12.1(12c)\",\n \"12.1(8b)\",\n \"12.1(13)\",\n \"12.1(7a)\",\n \"12.1(7b)\",\n \"12.1(13a)\",\n \"12.1(22a)\",\n \"12.1(24)\",\n \"12.1(17)\",\n \"12.1(5e)\",\n \"12.1(8)\",\n \"12.1(18)\",\n \"12.1(1a)\",\n \"12.1(1)\",\n \"12.1(5c)\",\n \"12.1(6b)\",\n \"12.1(5a)\",\n \"12.1(27a)\",\n \"12.1(8a)\",\n \"12.1(20)\",\n \"12.1(2b)\",\n \"12.1(17a)\",\n \"12.1(19)\",\n \"12.1(27)\",\n \"12.1(2)\",\n \"12.1(6a)\",\n \"12.1(22b)\",\n \"12.1(15)\",\n \"12.1(1b)\",\n \"12.1(20a)\",\n \"12.1(26)\",\n \"12.1(10)\",\n \"12.1(4c)\",\n \"12.1(10a)\",\n \"12.1(21)\",\n \"12.1(5d)\",\n \"12.1(22)\",\n \"12.1(11)\",\n \"12.1(12b)\",\n \"12.1(22c)\",\n \"12.1(27b)\",\n \"12.1(9a)\",\n \"12.1(3)\",\n \"12.1(25)\",\n \"12.1(7c)\",\n \"12.1(3a)\",\n \"12.1(3a)XI9\",\n \"12.1(3)XI\",\n \"12.1(3a)XI8\",\n \"12.1(3a)XI3\",\n \"12.1(3a)XI1\",\n \"12.1(3a)XI7\",\n \"12.1(3a)XI6\",\n \"12.1(3a)XI4\",\n \"12.1(3a)XI2\",\n \"12.1(3a)XI5\",\n \"12.0(2)XC\",\n \"12.0(2)XC1\",\n \"12.0(2)XC2\",\n \"12.1(3)XJ\",\n \"12.0(2)XD1\",\n \"12.0(2)XD\",\n \"12.0(5)S\",\n \"12.0(15)S\",\n \"12.0(16)S\",\n \"12.0(17)S\",\n \"12.0(18)S\",\n \"12.0(19)S\",\n \"12.0(21)S\",\n \"12.0(22)S\",\n \"12.0(23)S\",\n \"12.0(24)S\",\n \"12.0(25)S\",\n \"12.0(26)S\",\n \"12.0(27)S\",\n \"12.0(28)S\",\n \"12.0(29)S\",\n \"12.0(30)S\",\n \"12.0(31)S\",\n \"12.0(31)S6\",\n \"12.0(32)S4\",\n \"12.0(32)S\",\n \"12.0(33)S\",\n \"12.0(25)S1\",\n \"12.0(30)S2\",\n \"12.0(23)S5\",\n \"12.0(16)S9\",\n \"12.0(18)S6\",\n \"12.0(11)S6\",\n \"12.0(21)S1\",\n \"12.0(24)S4a\",\n \"12.0(21)S5\",\n \"12.0(22)S5\",\n \"12.0(28)S5\",\n \"12.0(18)S5a\",\n \"12.0(21)S6\",\n \"12.0(18)S3\",\n \"12.0(10)S\",\n \"12.0(21)S2\",\n \"12.0(11)S5\",\n \"12.0(17)S6\",\n \"12.0(33)S5\",\n \"12.0(2)S\",\n \"12.0(22)S2\",\n \"12.0(16)S6\",\n \"12.0(4)S\",\n \"12.0(13)S8\",\n \"12.0(14)S7\",\n \"12.0(27)S1\",\n \"12.0(21)S6a\",\n \"12.0(14)S8\",\n \"12.0(6)S2\",\n \"12.0(26)S4\",\n \"12.0(32)S15\",\n \"12.0(33)S7\",\n \"12.0(25)S1d\",\n \"12.0(12)S4\",\n \"12.0(25)S2\",\n \"12.0(22)S5a\",\n \"12.0(32)S9\",\n \"12.0(25)S1b\",\n \"12.0(32)S2a\",\n \"12.0(27)S5\",\n \"12.0(19)S1\",\n \"12.0(32)S11\",\n \"12.0(23)S2a\",\n \"12.0(32)S8\",\n \"12.0(32)S6(c1)\",\n \"12.0(15)S3\",\n \"12.0(31)S1\",\n \"12.0(27)S4\",\n \"12.0(23)S3\",\n \"12.0(16)S3\",\n \"12.0(18)S4\",\n \"12.0(16)S10\",\n \"12.0(22)S2e\",\n \"12.0(32)S3\",\n \"12.0(21)S3\",\n \"12.0(28)S4\",\n \"12.0(7)S\",\n \"12.0(33)S6\",\n \"12.0(6)S\",\n \"12.0(19)S3\",\n \"12.0(23)S2\",\n \"12.0(6)S1\",\n \"12.0(11)S4\",\n \"12.0(10)S1\",\n \"12.0(23)S3c\",\n \"12.0(17)S3\",\n \"12.0(18)S1\",\n \"12.0(14)S3\",\n \"12.0(14)S\",\n \"12.0(25)S4\",\n \"12.0(32)S2\",\n \"12.0(10)S7\",\n \"12.0(16)S8\",\n \"12.0(28)S1\",\n \"12.0(24)S6\",\n \"12.0(32)S14\",\n \"12.0(11)S3\",\n \"12.0(12)S3\",\n \"12.0(17)S4\",\n \"12.0(25)S3\",\n \"12.0(14)S4\",\n \"12.0(17)S1\",\n \"12.0(24)S2a\",\n \"12.0(32)S10\",\n \"12.0(14)S6\",\n \"12.0(15)S1\",\n \"12.0(31)S5\",\n \"12.0(22)S3a\",\n \"12.0(26)S2\",\n \"12.0(32)S13\",\n \"12.0(12)S1\",\n \"12.0(15)S2\",\n \"12.0(22)S2c\",\n \"12.0(33)S9\",\n \"12.0(10)S3\",\n \"12.0(13)S5\",\n \"12.0(15)S4\",\n \"12.0(8)S\",\n \"12.0(28)S4z\",\n \"12.0(10)S3b\",\n \"12.0(24)S2b\",\n \"12.0(22)S6\",\n \"12.0(18)S7\",\n \"12.0(22)S4\",\n \"12.0(21)S8\",\n \"12.0(8)S1\",\n \"12.0(33)S8\",\n \"12.0(13)S2\",\n \"12.0(32)S16\",\n \"12.0(26)S5\",\n \"12.0(10)S4\",\n \"12.0(25)S1a\",\n \"12.0(24)S5\",\n \"12.0(25)S1c\",\n \"12.0(23)S3a\",\n \"12.0(16)S5\",\n \"12.0(31)S2\",\n \"12.0(16)S1\",\n \"12.0(26)S1\",\n \"12.0(23)S6a\",\n \"12.0(24)S2\",\n \"12.0(13)S1\",\n \"12.0(32)S5\",\n \"12.0(14)S1\",\n \"12.0(26)S6\",\n \"12.0(21)S5a\",\n \"12.0(27)S3\",\n \"12.0(3)S\",\n \"12.0(31)S4\",\n \"12.0(22)S4a\",\n \"12.0(16)S8a\",\n \"12.0(22)S3b\",\n \"12.0(32)S12\",\n \"12.0(22)S2b\",\n \"12.0(26)S3\",\n \"12.0(10)S2\",\n \"12.0(11)S1\",\n \"12.0(14)S2\",\n \"12.0(17)S2\",\n \"12.0(22)S3c\",\n \"12.0(28)S6\",\n \"12.0(18)S2\",\n \"12.0(10)S8\",\n \"12.0(13)S\",\n \"12.0(16)S7\",\n \"12.0(9)S\",\n \"12.0(15)S7\",\n \"12.0(17)S7\",\n \"12.0(9)S8\",\n \"12.0(22)S3\",\n \"12.0(21)S7\",\n \"12.0(27)S2\",\n \"12.0(30)S5\",\n \"12.0(18)S5\",\n \"12.0(33)S1\",\n \"12.0(28)S3\",\n \"12.0(16)S2\",\n \"12.0(23)S4\",\n \"12.0(13)S4\",\n \"12.0(19)S2\",\n \"12.0(30)S3\",\n \"12.0(19)S2a\",\n \"12.0(26)S2c\",\n \"12.0(15)S5\",\n \"12.0(24)S1\",\n \"12.0(29)S1\",\n \"12.0(31)S3\",\n \"12.0(33)S2\",\n \"12.0(13)S3\",\n \"12.0(32)S7\",\n \"12.0(30)S4\",\n \"12.0(22)S2a\",\n \"12.0(32)S17\",\n \"12.0(10)S5\",\n \"12.0(24)S4\",\n \"12.0(30)S1\",\n \"12.0(15)S6\",\n \"12.0(24)S3\",\n \"12.0(22)S2d\",\n \"12.0(12)S\",\n \"12.0(21)S4\",\n \"12.0(13)S6\",\n \"12.0(21)S4a\",\n \"12.0(28)S2\",\n \"12.0(7)S1\",\n \"12.0(32)S1\",\n \"12.0(22)S1\",\n \"12.0(12)S2\",\n \"12.0(17)S5\",\n \"12.0(11)S\",\n \"12.0(11)S2\",\n \"12.0(14)S5\",\n \"12.0(16)S4\",\n \"12.0(32)S11z\",\n \"12.0(32)S6\",\n \"12.0(23)S6\",\n \"12.0(33)S3\",\n \"12.0(19)S4\",\n \"12.0(23)S1\",\n \"12.0(23)S3b\",\n \"12.0(27)S4z\",\n \"12.0(33)S10\",\n \"12.0(33)S4\",\n \"12.0(33)S11\",\n \"12.0(16)ST\",\n \"12.0(10)ST\",\n \"12.0(11)ST\",\n \"12.0(14)ST\",\n \"12.0(17)ST\",\n \"12.0(18)ST\",\n \"12.0(19)ST\",\n \"12.0(20)ST\",\n \"12.0(21)ST\",\n \"12.0(9)ST\",\n \"12.0(11)ST3\",\n \"12.0(21)ST2a\",\n \"12.0(20)ST2\",\n \"12.0(10)ST1\",\n \"12.0(17)ST7\",\n \"12.0(21)ST6\",\n \"12.0(20)ST3\",\n \"12.0(20)ST6\",\n \"12.0(21)ST3a\",\n \"12.0(21)ST2\",\n \"12.0(17)ST8\",\n \"12.0(14)ST1\",\n \"12.0(21)ST5\",\n \"12.0(20)ST4\",\n \"12.0(17)ST1\",\n \"12.0(19)ST6\",\n \"12.0(17)ST2\",\n \"12.0(19)ST4\",\n \"12.0(18)ST1\",\n \"12.0(17)ST4\",\n \"12.0(19)ST1\",\n \"12.0(14)ST2\",\n \"12.0(19)ST2\",\n \"12.0(14)ST3\",\n \"12.0(17)ST3\",\n \"12.0(21)ST4\",\n \"12.0(21)ST6a\",\n \"12.0(10)ST2\",\n \"12.0(21)ST2b\",\n \"12.0(11)ST2\",\n \"12.0(11)ST1\",\n \"12.0(17)ST5\",\n \"12.0(16)ST1\",\n \"12.0(17)ST6\",\n \"12.0(19)ST5\",\n \"12.0(21)ST7\",\n \"12.0(19)ST3\",\n \"12.0(20)ST5\",\n \"12.0(20)ST1\",\n \"12.0(11)ST4\",\n \"12.0(21)ST3\",\n \"12.0(21)ST1\",\n \"12.1(2)XF5\",\n \"12.1(2)XF1\",\n \"12.1(2)XF4\",\n \"12.1(2)XF\",\n \"12.1(2)XF2\",\n \"12.1(2)XF3\",\n \"12.0(19)SP\",\n \"12.0(20)SP\",\n \"12.0(21)SP\",\n \"12.0(21)SP2\",\n \"12.0(20)SP1\",\n \"12.0(21)SP4\",\n \"12.0(21)SP1\",\n \"12.0(21)SP3\",\n \"12.0(19)SP1\",\n \"12.0(20)SP2\",\n \"12.1(3a)XL3\",\n \"12.1(3a)XL2\",\n \"12.1(3)XL\",\n \"12.1(3a)XL1\",\n \"12.1(3)XQ1\",\n \"12.1(3)XQ2\",\n \"12.1(3)XQ\",\n \"12.1(3)XQ3\",\n \"12.1(5)XU\",\n \"12.1(5)XU2\",\n \"12.1(5)XU1\",\n \"12.1(5)YD6\",\n \"12.1(5)YD2\",\n \"12.1(5)YD\",\n \"12.1(5)YD5\",\n \"12.1(5)YD3\",\n \"12.1(5)YD1\",\n \"12.1(5)YD4\",\n \"12.1(5)YI1\",\n \"12.1(5)YI\",\n \"12.1(5)YI2\",\n \"12.2(4)B\",\n \"12.2(15)B\",\n \"12.2(16)B1\",\n \"12.2(2)B7\",\n \"12.2(2)B6\",\n \"12.2(4)B7\",\n \"12.2(4)B2\",\n \"12.2(2)B\",\n \"12.2(16)B2\",\n \"12.2(4)B6\",\n \"12.2(2)B1\",\n \"12.2(4)B1\",\n \"12.2(4)B4\",\n \"12.2(4)B3\",\n \"12.2(2)B2\",\n \"12.2(2)B3\",\n \"12.2(4)B8\",\n \"12.2(2)B5\",\n \"12.2(4)B5\",\n \"12.2(2)B4\",\n \"12.2(16)B\",\n \"12.2(1b)DA\",\n \"12.2(5)DA\",\n \"12.2(7)DA\",\n \"12.2(12)DA\",\n \"12.2(10)DA5\",\n \"12.2(12)DA10\",\n \"12.2(10)DA\",\n \"12.2(12)DA1\",\n \"12.2(12)DA6\",\n \"12.2(10)DA8\",\n \"12.2(12)DA8\",\n \"12.2(12)DA11\",\n \"12.2(12)DA9\",\n \"12.2(12)DA4\",\n \"12.2(10)DA3\",\n \"12.2(12)DA14\",\n \"12.2(5)DA1\",\n \"12.2(12)DA13\",\n \"12.2(12)DA12\",\n \"12.2(12)DA7\",\n \"12.2(1b)DA1\",\n \"12.2(10)DA1\",\n \"12.2(10)DA6\",\n \"12.2(10)DA4\",\n \"12.2(12)DA2\",\n \"12.2(12)DA3\",\n \"12.2(10)DA2\",\n \"12.2(12)DA5\",\n \"12.2(10)DA7\",\n \"12.2(10)DA9\",\n \"12.2(14)S\",\n \"12.2(22)S\",\n \"12.2(20)S\",\n \"12.2(18)S\",\n \"12.2(14)S16\",\n \"12.2(25)S\",\n \"12.2(30)S\",\n \"12.2(9)S\",\n \"12.2(20)S10\",\n \"12.2(20)S8\",\n \"12.2(30)S1\",\n \"12.2(22)S2\",\n \"12.2(14)S7\",\n \"12.2(14)S11\",\n \"12.2(25)S12\",\n \"12.2(25)S4\",\n \"12.2(14)S18\",\n \"12.2(18)S8\",\n \"12.2(18)S10\",\n \"12.2(25)S15\",\n \"12.2(20)S5\",\n \"12.2(25)S7\",\n \"12.2(18)S7\",\n \"12.2(25)S14\",\n \"12.2(14)S10\",\n \"12.2(25)S11\",\n \"12.2(14)S13\",\n \"12.2(30)S2\",\n \"12.2(18)S1\",\n \"12.2(18)S11\",\n \"12.2(18)S5\",\n \"12.2(20)S4\",\n \"12.2(25)S10\",\n \"12.2(20)S7\",\n \"12.2(18)S2\",\n \"12.2(25)S5\",\n \"12.2(14)S17\",\n \"12.2(18)S9\",\n \"12.2(14)S3\",\n \"12.2(18)S6\",\n \"12.2(18)S12\",\n \"12.2(25)S13\",\n \"12.2(18)S4\",\n \"12.2(25)S2\",\n \"12.2(20)S2\",\n \"12.2(20)S12\",\n \"12.2(14)S12\",\n \"12.2(20)S11\",\n \"12.2(25)S8\",\n \"12.2(20)S14\",\n \"12.2(20)S9\",\n \"12.2(14)S15\",\n \"12.2(14)S1\",\n \"12.2(14)S9\",\n \"12.2(14)S2\",\n \"12.2(14)S19\",\n \"12.2(14)S8\",\n \"12.2(18)S3\",\n \"12.2(20)S6\",\n \"12.2(14)S5\",\n \"12.2(20)S3\",\n \"12.2(25)S1\",\n \"12.2(18)S13\",\n \"12.2(22)S1\",\n \"12.2(25)S9\",\n \"12.2(14)S14\",\n \"12.2(25)S3\",\n \"12.2(20)S1\",\n \"12.2(20)S13\",\n \"12.2(25)S6\",\n \"12.2(2)XA\",\n \"12.2(2)XA2\",\n \"12.2(2)XA3\",\n \"12.2(2)XA4\",\n \"12.2(2)XA5\",\n \"12.2(2)XA1\",\n \"12.2(2)XB11\",\n \"12.2(2)XB5\",\n \"12.2(2)XB2\",\n \"12.2(2)XB1\",\n \"12.2(2)XB10\",\n \"12.2(2)XB7\",\n \"12.2(2)XB3\",\n \"12.2(2)XB6\",\n \"12.2(2)XB14\",\n \"12.2(2)XB12\",\n \"12.2(2)XB15\",\n \"12.2(2)XB8\",\n \"12.2(2)XG\",\n \"12.2(4)XL\",\n \"12.2(4)XL5\",\n \"12.2(4)XL2\",\n \"12.2(4)XL6\",\n \"12.2(4)XL4\",\n \"12.2(4)XL1\",\n \"12.2(4)XL3\",\n \"12.2(4)XM\",\n \"12.2(4)XM3\",\n \"12.2(4)XM2\",\n \"12.2(4)XM4\",\n \"12.2(4)XM1\",\n \"12.2(10a)\",\n \"12.2(1)\",\n \"12.2(21b)\",\n \"12.2(10)\",\n \"12.2(1a)\",\n \"12.2(1b)\",\n \"12.2(1c)\",\n \"12.2(1d)\",\n \"12.2(10b)\",\n \"12.2(10d)\",\n \"12.2(10g)\",\n \"12.2(3a)\",\n \"12.2(3b)\",\n \"12.2(3c)\",\n \"12.2(3d)\",\n \"12.2(3g)\",\n \"12.2(3)\",\n \"12.2(5)\",\n \"12.2(5a)\",\n \"12.2(5b)\",\n \"12.2(5c)\",\n \"12.2(5d)\",\n \"12.2(6g)\",\n \"12.2(6h)\",\n \"12.2(6i)\",\n \"12.2(6j)\",\n \"12.2(6)\",\n \"12.2(6a)\",\n \"12.2(6b)\",\n \"12.2(6c)\",\n \"12.2(6d)\",\n \"12.2(6e)\",\n \"12.2(6f)\",\n \"12.2(7a)\",\n \"12.2(7b)\",\n \"12.2(7c)\",\n \"12.2(7e)\",\n \"12.2(7g)\",\n \"12.2(7)\",\n \"12.2(37)\",\n \"12.2(19b)\",\n \"12.2(24b)\",\n \"12.2(12e)\",\n \"12.2(28)\",\n \"12.2(34)\",\n \"12.2(34a)\",\n \"12.2(46a)\",\n \"12.2(12b)\",\n \"12.2(26b)\",\n \"12.2(28a)\",\n \"12.2(12i)\",\n \"12.2(19)\",\n \"12.2(24)\",\n \"12.2(12g)\",\n \"12.2(13c)\",\n \"12.2(12f)\",\n \"12.2(12c)\",\n \"12.2(32)\",\n \"12.2(31)\",\n \"12.2(26a)\",\n \"12.2(27)\",\n \"12.2(17e)\",\n \"12.2(28d)\",\n \"12.2(17a)\",\n \"12.2(12k)\",\n \"12.2(13e)\",\n \"12.2(12a)\",\n \"12.2(19c)\",\n \"12.2(27b)\",\n \"12.2(17b)\",\n \"12.2(23)\",\n \"12.2(27a)\",\n \"12.2(16)\",\n \"12.2(12m)\",\n \"12.2(40)\",\n \"12.2(28c)\",\n \"12.2(24a)\",\n \"12.2(21a)\",\n \"12.2(13b)\",\n \"12.2(23a)\",\n \"12.2(17d)\",\n \"12.2(26)\",\n \"12.2(43)\",\n \"12.2(23c)\",\n \"12.2(16b)\",\n \"12.2(13)\",\n \"12.2(19a)\",\n \"12.2(17f)\",\n \"12.2(28b)\",\n \"12.2(23d)\",\n \"12.2(12)\",\n \"12.2(12j)\",\n \"12.2(23f)\",\n \"12.2(17)\",\n \"12.2(16c)\",\n \"12.2(16a)\",\n \"12.2(27c)\",\n \"12.2(35)\",\n \"12.2(12l)\",\n \"12.2(12h)\",\n \"12.2(16f)\",\n \"12.2(29a)\",\n \"12.2(29b)\",\n \"12.2(13a)\",\n \"12.2(40a)\",\n \"12.2(26c)\",\n \"12.2(23e)\",\n \"12.2(21)\",\n \"12.2(46)\",\n \"12.2(29)\",\n \"12.2(2)XN\",\n \"12.2(33)XN1\",\n \"12.2(2)XR\",\n \"12.2(4)XR\",\n \"12.2(15)XR\",\n \"12.2(15)XR1\",\n \"12.2(15)XR2\",\n \"12.2(1)XS\",\n \"12.2(1)XS2\",\n \"12.2(1)XS1\",\n \"12.2(1)XS1a\",\n \"12.2(2)XT\",\n \"12.2(2)XT2\",\n \"12.2(2)XT3\",\n \"12.2(4)XW\",\n \"12.2(4)YA\",\n \"12.2(4)YA6\",\n \"12.2(4)YA3\",\n \"12.2(4)YA4\",\n \"12.2(4)YA1\",\n \"12.2(4)YA11\",\n \"12.2(4)YA2\",\n \"12.2(4)YA9\",\n \"12.2(4)YA8\",\n \"12.2(4)YA5\",\n \"12.2(4)YA13\",\n \"12.2(4)YA12\",\n \"12.2(4)YA10\",\n \"12.2(4)YA7\",\n \"12.2(4)YB\",\n \"12.2(2)YC\",\n \"12.2(2)YC4\",\n \"12.2(2)YC1\",\n \"12.2(2)YC3\",\n \"12.2(2)YC2\",\n \"12.2(8)YD\",\n \"12.2(8)YD3\",\n \"12.2(8)YD2\",\n \"12.2(8)YD1\",\n \"12.2(4)YF\",\n \"12.2(4)YG\",\n \"12.2(4)YH\",\n \"12.1(5)YF2\",\n \"12.1(5)YF1\",\n \"12.1(5)YF4\",\n \"12.1(5)YF3\",\n \"12.1(5)YF\",\n \"12.0(19)\",\n \"12.0(2a)\",\n \"12.0(6)\",\n \"12.0(13)\",\n \"12.0(1)\",\n \"12.0(9)\",\n \"12.0(16)\",\n \"12.0(2)\",\n \"12.0(28c)\",\n \"12.0(18a)\",\n \"12.0(17)\",\n \"12.0(19a)\",\n \"12.0(8a)\",\n \"12.0(16a)\",\n \"12.0(18)\",\n \"12.0(6b)\",\n \"12.0(13a)\",\n \"12.0(20)\",\n \"12.0(28b)\",\n \"12.0(7)\",\n \"12.0(25)\",\n \"12.0(15b)\",\n \"12.0(28d)\",\n \"12.0(26)\",\n \"12.0(3)\",\n \"12.0(15)\",\n \"12.0(11a)\",\n \"12.0(4)\",\n \"12.0(15a)\",\n \"12.0(4b)\",\n \"12.0(8)\",\n \"12.0(21a)\",\n \"12.0(22)\",\n \"12.0(19b)\",\n \"12.0(18b)\",\n \"12.0(17a)\",\n \"12.0(1a)\",\n \"12.0(4a)\",\n \"12.0(10)\",\n \"12.0(24)\",\n \"12.0(12)\",\n \"12.0(11)\",\n \"12.0(23)\",\n \"12.0(14)\",\n \"12.0(5a)\",\n \"12.0(20a)\",\n \"12.0(14a)\",\n \"12.0(2b)\",\n \"12.0(12a)\",\n \"12.0(6a)\",\n \"12.0(7a)\",\n \"12.0(3d)\",\n \"12.0(28a)\",\n \"12.0(9a)\",\n \"12.0(3b)\",\n \"12.0(28)\",\n \"12.0(10a)\",\n \"12.0(21)\",\n \"12.0(5)\",\n \"12.0(27)\",\n \"12.0(3c)\",\n \"12.1(1)XB\",\n \"12.1(3)XK\",\n \"12.0(5)XE5\",\n \"12.0(3)XE1\",\n \"12.0(5)XE\",\n \"12.0(2)XE4\",\n \"12.0(5)XE8\",\n \"12.0(2)XE3\",\n \"12.0(5)XE7\",\n \"12.0(4)XE2\",\n \"12.0(3)XE\",\n \"12.0(2)XE1\",\n \"12.0(3)XE2\",\n \"12.0(5)XE4\",\n \"12.0(4)XE1\",\n \"12.0(5)XE2\",\n \"12.0(5)XE1\",\n \"12.0(7)XE2\",\n \"12.0(4)XE\",\n \"12.0(5)XE6\",\n \"12.0(2)XE\",\n \"12.0(7)XE1\",\n \"12.0(2)XE2\",\n \"12.0(1)XE\",\n \"12.0(5)XE3\",\n \"12.0(10)SC\",\n \"12.0(11)SC\",\n \"12.0(12)SC\",\n \"12.0(13)SC\",\n \"12.0(14)SC\",\n \"12.0(15)SC\",\n \"12.0(16)SC\",\n \"12.0(6)SC\",\n \"12.0(7)SC\",\n \"12.0(8)SC\",\n \"12.0(9)SC\",\n \"12.0(16)SC3\",\n \"12.0(16)SC1\",\n \"12.0(8)SC1\",\n \"12.0(16)SC2\",\n \"12.0(10)SC1\",\n \"12.0(15)SC1\",\n \"12.1(4)CX\",\n \"12.1(7)CX\",\n \"12.1(7)CX1\",\n \"12.1(10)EC\",\n \"12.1(12c)EC\",\n \"12.1(13)EC\",\n \"12.1(19)EC\",\n \"12.1(20)EC\",\n \"12.1(22)EC\",\n \"12.1(3a)EC\",\n \"12.1(4)EC\",\n \"12.1(5)EC\",\n \"12.1(6)EC\",\n \"12.1(7)EC\",\n \"12.1(8)EC\",\n \"12.1(11b)EC\",\n \"12.1(2)EC\",\n \"12.1(13)EC1\",\n \"12.1(11b)EC1\",\n \"12.1(9)EC1\",\n \"12.1(20)EC2\",\n \"12.1(20)EC3\",\n \"12.1(8)EC1\",\n \"12.1(3a)EC1\",\n \"12.1(5)EC1\",\n \"12.1(19)EC1\",\n \"12.1(22)EC1\",\n \"12.1(20)EC1\",\n \"12.1(13)EC2\",\n \"12.1(2)EC1\",\n \"12.1(12c)EC1\",\n \"12.1(13)EC3\",\n \"12.1(6)EC1\",\n \"12.1(13)EC4\",\n \"12.1(10)EC1\",\n \"12.2(15)BC2a\",\n \"12.2(15)BC1a\",\n \"12.2(4)BC1a\",\n \"12.2(15)BC1b\",\n \"12.2(11)BC1\",\n \"12.2(15)BC2d\",\n \"12.2(11)BC3a\",\n \"12.2(15)BC2g\",\n \"12.2(11)BC3c\",\n \"12.2(15)BC1g\",\n \"12.2(8)BC2\",\n \"12.2(11)BC1b\",\n \"12.2(8)BC1\",\n \"12.2(15)BC2i\",\n \"12.2(15)BC1c\",\n \"12.2(15)BC2c\",\n \"12.2(15)BC2f\",\n \"12.2(15)BC1d\",\n \"12.2(15)BC1\",\n \"12.2(4)BC1\",\n \"12.2(8)BC2a\",\n \"12.2(11)BC2\",\n \"12.2(11)BC3b\",\n \"12.2(11)BC3d\",\n \"12.2(15)BC2\",\n \"12.2(11)BC3\",\n \"12.2(11)BC2a\",\n \"12.2(15)BC2e\",\n \"12.2(4)BC1b\",\n \"12.2(11)BC1a\",\n \"12.2(15)BC1e\",\n \"12.2(15)BC2h\",\n \"12.2(15)BC1f\",\n \"12.2(15)BC2b\",\n \"12.2(2)XF\",\n \"12.2(4)XF\",\n \"12.2(2)XF2\",\n \"12.2(1)XF1\",\n \"12.2(2)XF1\",\n \"12.2(4)XF1\",\n \"12.2(1)XF\",\n \"12.0(3)XG\",\n \"12.0(4)XI\",\n \"12.0(4)XI2\",\n \"12.0(4)XI1\",\n \"12.0(7)XK2\",\n \"12.0(5)XK1\",\n \"12.0(7)XK1\",\n \"12.0(5)XK2\",\n \"12.0(7)XK3\",\n \"12.0(5)XK\",\n \"12.0(7)XK\",\n \"12.0(4)XM1\",\n \"12.0(4)XM\",\n \"12.0(5)XQ\",\n \"12.0(5)XQ1\",\n \"12.0(7)XR3\",\n \"12.0(6)XR\",\n \"12.0(7)XR\",\n \"12.0(7)XR2\",\n \"12.0(7)XR4\",\n \"12.0(7)XR1\",\n \"12.0(7)XV\",\n \"12.1(5a)E\",\n \"12.1(13)E14\",\n \"12.1(8b)E18\",\n \"12.1(8b)E14\",\n \"12.1(8b)E15\",\n \"12.1(22)E2\",\n \"12.1(8b)E12\",\n \"12.1(26)E\",\n \"12.1(23)E\",\n \"12.1(8b)E11\",\n \"12.1(12c)E1\",\n \"12.1(13)E\",\n \"12.1(13)E9\",\n \"12.1(13)E7\",\n \"12.1(13)E13\",\n \"12.1(13)E11\",\n \"12.1(20)E3\",\n \"12.1(20)E\",\n \"12.1(1)E\",\n \"12.1(10)E\",\n \"12.1(11b)E\",\n \"12.1(12c)E\",\n \"12.1(14)E\",\n \"12.1(19)E\",\n \"12.1(2)E\",\n \"12.1(22)E\",\n \"12.1(3a)E\",\n \"12.1(4)E\",\n \"12.1(6)E\",\n \"12.1(7)E\",\n \"12.1(8a)E\",\n \"12.1(9)E\",\n \"12.1(27b)E\",\n \"12.1(26)E7\",\n \"12.1(27b)E1\",\n \"12.1(5a)E6\",\n \"12.1(10)E5\",\n \"12.1(23)E4\",\n \"12.1(26)E8\",\n \"12.1(19)E6\",\n \"12.1(8a)E3\",\n \"12.1(14)E4\",\n \"12.1(5b)E7\",\n \"12.1(9)E2\",\n \"12.1(11b)E12\",\n \"12.1(4)E2\",\n \"12.1(3a)E7\",\n \"12.1(6)E5\",\n \"12.1(10)E6\",\n \"12.1(14)E3\",\n \"12.1(11b)E4\",\n \"12.1(13)E4\",\n \"12.1(7)E0a\",\n \"12.1(5a)E1\",\n \"12.1(26)E3\",\n \"12.1(20)E5\",\n \"12.1(5c)E9\",\n \"12.1(13)E16\",\n \"12.1(6)E7\",\n \"12.1(8b)E20\",\n \"12.1(22)E5\",\n \"12.1(20)E4\",\n \"12.1(27b)E3\",\n \"12.1(7a)E5\",\n \"12.1(8b)E6\",\n \"12.1(22)E6\",\n \"12.1(6)E6\",\n \"12.1(9)E3\",\n \"12.1(14)E6\",\n \"12.1(6)E3\",\n \"12.1(10)E7\",\n \"12.1(3a)E4\",\n \"12.1(8b)E7\",\n \"12.1(6)E13\",\n \"12.1(8b)E8\",\n \"12.1(3a)E1\",\n \"12.1(7a)E1a\",\n \"12.1(13)E3\",\n \"12.1(6)E8\",\n \"12.1(19)E3\",\n \"12.1(13)E15\",\n \"12.1(13)E6\",\n \"12.1(26)E5\",\n \"12.1(4)E3\",\n \"12.1(1)E6\",\n \"12.1(8b)E10\",\n \"12.1(2)E2\",\n \"12.1(12c)E4\",\n \"12.1(20)E2\",\n \"12.1(11b)E5\",\n \"12.1(5a)E2\",\n \"12.1(6)E2\",\n \"12.1(22)E3\",\n \"12.1(1)E1\",\n \"12.1(7a)E3\",\n \"12.1(27b)E4\",\n \"12.1(20)E1\",\n \"12.1(22)E4\",\n \"12.1(7a)E4\",\n \"12.1(8b)E9\",\n \"12.1(1)E5\",\n \"12.1(5c)E12\",\n \"12.1(26)E2\",\n \"12.1(22)E1\",\n \"12.1(5c)E8\",\n \"12.1(13)E17\",\n \"12.1(10)E1\",\n \"12.1(7a)E6\",\n \"12.1(1)E4\",\n \"12.1(10)E6a\",\n \"12.1(23)E2\",\n \"12.1(13)E1\",\n \"12.1(4)E1\",\n \"12.1(3a)E6\",\n \"12.1(12c)E6\",\n \"12.1(26)E4\",\n \"12.1(19)E2\",\n \"12.1(11b)E3\",\n \"12.1(14)E10\",\n \"12.1(13)E10\",\n \"12.1(23)E1\",\n \"12.1(11b)E14\",\n \"12.1(2)E1\",\n \"12.1(10)E2\",\n \"12.1(8a)E1\",\n \"12.1(19)E7\",\n \"12.1(5a)E3\",\n \"12.1(26)E9\",\n \"12.1(8a)E4\",\n \"12.1(14)E5\",\n \"12.1(12c)E3\",\n \"12.1(11b)E2\",\n \"12.1(6)E1\",\n \"12.1(1)E2\",\n \"12.1(27b)E2\",\n \"12.1(10)E3\",\n \"12.1(8b)E13\",\n \"12.1(7a)E2\",\n \"12.1(8a)E5\",\n \"12.1(19)E1\",\n \"12.1(14)E2\",\n \"12.1(12c)E2\",\n \"12.1(11b)E1\",\n \"12.1(11b)E7\",\n \"12.1(11b)E10\",\n \"12.1(1)E3\",\n \"12.1(12c)E5\",\n \"12.1(11b)E0a\",\n \"12.1(10)E8\",\n \"12.1(14)E1\",\n \"12.1(3a)E8\",\n \"12.1(13)E2\",\n \"12.1(26)E1\",\n \"12.1(11b)E11\",\n \"12.1(6)E4\",\n \"12.1(5a)E4\",\n \"12.1(8a)E2\",\n \"12.1(19)E4\",\n \"12.1(5c)E10\",\n \"12.1(26)E6\",\n \"12.1(7a)E1\",\n \"12.1(13)E5\",\n \"12.1(13)E12\",\n \"12.1(3a)E3\",\n \"12.1(23)E3\",\n \"12.1(3a)E5\",\n \"12.1(20)E6\",\n \"12.1(8b)E19\",\n \"12.1(14)E7\",\n \"12.1(9)E1\",\n \"12.1(13)E8\",\n \"12.1(10)E4\",\n \"12.1(1)XC1\",\n \"12.1(1)XC\",\n \"12.1(2a)XH2\",\n \"12.1(2a)XH1\",\n \"12.1(2a)XH3\",\n \"12.1(2a)XH\",\n \"12.1(5)XM4\",\n \"12.1(5)XM6\",\n \"12.1(5)XM8\",\n \"12.1(5)XM3\",\n \"12.1(5)XM2\",\n \"12.1(5)XM5\",\n \"12.1(5)XM1\",\n \"12.1(5)XM\",\n \"12.1(5)XM7\",\n \"12.1(3)XP3\",\n \"12.1(3)XP\",\n \"12.1(3)XP1\",\n \"12.1(3)XP4\",\n \"12.1(3)XP2\",\n \"12.1(3)XT1\",\n \"12.1(3)XT2\",\n \"12.1(3)XT\",\n \"12.1(2)XT2\",\n \"12.1(5)YB1\",\n \"12.1(5)YB3\",\n \"12.1(5)YB2\",\n \"12.1(5)YB5\",\n \"12.1(5)YB\",\n \"12.1(5)YB4\",\n \"12.1(5)YC\",\n \"12.1(5)YC3\",\n \"12.1(5)YC2\",\n \"12.1(5)YC1\",\n \"12.2(2)DD\",\n \"12.2(2)DD4\",\n \"12.2(2)DD3\",\n \"12.2(2)DD2\",\n \"12.2(2)DD1\",\n \"12.2(1)XD\",\n \"12.2(1)XD2\",\n \"12.2(1)XD4\",\n \"12.2(1)XD3\",\n \"12.2(1)XD1\",\n \"12.2(1)XE\",\n \"12.2(1)XE1\",\n \"12.2(1)XE2\",\n \"12.2(2)XH\",\n \"12.2(2)XH1\",\n \"12.2(2)XH2\",\n \"12.2(2)XI\",\n \"12.2(2)XI1\",\n \"12.2(2)XI2\",\n \"12.2(2)XJ\",\n \"12.2(2)XK\",\n \"12.2(2)XK1\",\n \"12.2(2)XK3\",\n \"12.2(2)XK2\",\n \"12.2(2)XQ\",\n \"12.2(2)XQ1\",\n \"12.0(1)T\",\n \"12.0(3)T1\",\n \"12.0(2a)T1\",\n \"12.0(2)T\",\n \"12.0(4)T\",\n \"12.0(3)T3\",\n \"12.0(7)T3\",\n \"12.0(7)T2\",\n \"12.0(7)T\",\n \"12.0(5)T\",\n \"12.0(3)T\",\n \"12.0(5)T1\",\n \"12.0(4)T1\",\n \"12.0(5)T2\",\n \"12.0(3)T2\",\n \"12.0(2)T1\",\n \"12.1(5)YE2\",\n \"12.1(5)YE5\",\n \"12.1(5)YE4\",\n \"12.1(5)YE\",\n \"12.1(5)YE1\",\n \"12.1(5)YE3\",\n \"12.1(5)YE6\",\n \"12.1(1)T\",\n \"12.1(5)T2\",\n \"12.1(5)T10\",\n \"12.1(5)T8a\",\n \"12.1(5)T9\",\n \"12.1(3)T\",\n \"12.1(2a)T1\",\n \"12.1(5)T17\",\n \"12.1(5)T11\",\n \"12.1(5)T15\",\n \"12.1(5)T20\",\n \"12.1(5)T4\",\n \"12.1(5)T3\",\n \"12.1(5)T14\",\n \"12.1(5)T8b\",\n \"12.1(3a)T1\",\n \"12.1(3a)T5\",\n \"12.1(3a)T7\",\n \"12.1(3a)T2\",\n \"12.1(3a)T6\",\n \"12.1(3a)T3\",\n \"12.1(5)T6\",\n \"12.1(2)T\",\n \"12.1(5)T12\",\n \"12.1(5)T7\",\n \"12.1(1a)T1\",\n \"12.1(5)T\",\n \"12.1(3a)T8\",\n \"12.1(3a)T4\",\n \"12.1(5)T8\",\n \"12.1(5)T19\",\n \"12.1(5)T1\",\n \"12.1(5)T18\",\n \"12.1(2a)T2\",\n \"12.1(5)T5\",\n \"12.0(1)XA2\",\n \"12.0(1)XA\",\n \"12.0(1)XA4\",\n \"12.0(1)XA3\",\n \"12.0(1)XA1\",\n \"12.0(1)XB1\",\n \"12.0(1)XB\",\n \"12.1(6)EZ\",\n \"12.1(6)EZ2\",\n \"12.1(6)EZ5\",\n \"12.1(6)EZ3\",\n \"12.1(6)EZ1\",\n \"12.1(6)EZ4\",\n \"12.1(6)EZ6\",\n \"12.1(5)YA2\",\n \"12.1(5)YA1\",\n \"12.1(5)YA\",\n \"12.1(5)XV3\",\n \"12.1(5)XV4\",\n \"12.1(5)XV1\",\n \"12.1(5)XV2\",\n \"12.1(5)XV\",\n \"12.1(1)XA1\",\n \"12.1(1)XA3\",\n \"12.1(1)XA4\",\n \"12.1(1)XA\",\n \"12.1(1)XA2\",\n \"12.1(1)XD1\",\n \"12.1(1)XD2\",\n \"12.1(1)XD\",\n \"12.1(1)XE\",\n \"12.1(1)XE1\",\n \"12.1(5)XR1\",\n \"12.1(5)XR2\",\n \"12.1(5)XR\",\n \"12.1(5)XS5\",\n \"12.1(5)XS4\",\n \"12.1(1)XS\",\n \"12.1(3)XS\",\n \"12.1(5)XS3\",\n \"12.1(5)XS2\",\n \"12.1(5)XS\",\n \"12.1(5)XS1\",\n \"12.1(10)EY\",\n \"12.1(5)EY\",\n \"12.1(6)EY\",\n \"12.1(7a)EY\",\n \"12.1(12c)EY\",\n \"12.1(5)EY2\",\n \"12.1(7a)EY3\",\n \"12.1(1)EY\",\n \"12.1(7a)EY2\",\n \"12.1(7a)EY1\",\n \"12.1(5)EY1\",\n \"12.1(6)EY1\",\n \"12.1(1)DB\",\n \"12.1(1)DB2\",\n \"12.1(4)DB\",\n \"12.1(1)DB1\",\n \"12.1(5)DB2\",\n \"12.1(3)DB1\",\n \"12.1(4)DB1\",\n \"12.1(5)DB\",\n \"12.1(3)DB\",\n \"12.1(4)DB2\",\n \"12.1(5)DB1\",\n \"12.1(5)DC2\",\n \"12.1(4)DC2\",\n \"12.1(4)DC3\",\n \"12.1(1)DC1\",\n \"12.1(3)DC1\",\n \"12.1(4)DC\",\n \"12.1(3)DC2\",\n \"12.1(5)DC1\",\n \"12.1(1)DC\",\n \"12.1(3)DC\",\n \"12.1(5)DC\",\n \"12.1(1)DC2\",\n \"12.1(4)DC1\",\n \"12.1(5)DC3\",\n \"12.0(5)DA\",\n \"12.0(8)DA1\",\n \"12.0(6)DA\",\n \"12.0(8)DA4\",\n \"12.0(8)DA\",\n \"12.0(8)DA3\",\n \"12.0(5)DA1\",\n \"12.0(10)SL\",\n \"12.0(11)SL\",\n \"12.0(14)SL\",\n \"12.0(15)SL\",\n \"12.0(17)SL\",\n \"12.0(19)SL\",\n \"12.0(9)SL\",\n \"12.0(18)SL\",\n \"12.0(11)SL1\",\n \"12.0(19)SL4\",\n \"12.0(17)SL4\",\n \"12.0(17)SL1\",\n \"12.0(17)SL3\",\n \"12.0(17)SL6\",\n \"12.0(17)SL5\",\n \"12.0(9)SL1\",\n \"12.0(19)SL3\",\n \"12.0(17)SL8\",\n \"12.0(19)SL1\",\n \"12.0(14)SL1\",\n \"12.0(9)SL2\",\n \"12.0(19)SL2\",\n \"12.0(17)SL2\",\n \"12.0(4)XH\",\n \"12.0(2)XH\",\n \"12.0(2)XH1\",\n \"12.0(4)XH1\",\n \"12.0(4)XH2\",\n \"12.0(4)XH3\",\n \"12.0(4)XH4\",\n \"12.0(4)XJ5\",\n \"12.0(4)XJ3\",\n \"12.0(4)XJ\",\n \"12.0(4)XJ6\",\n \"12.0(4)XJ1\",\n \"12.0(4)XJ2\",\n \"12.0(4)XJ4\",\n \"12.1(10)AA\",\n \"12.1(1)AA1\",\n \"12.1(2a)AA\",\n \"12.1(1)AA\",\n \"12.1(1)AA2\",\n \"12.1(4)AA\",\n \"12.1(8)AA1\",\n \"12.1(3)AA\",\n \"12.1(9)AA\",\n \"12.1(8)AA\",\n \"12.1(5)AA\",\n \"12.1(6)AA\",\n \"12.1(7)AA\",\n \"12.1(5)DA1\",\n \"12.1(7)DA2\",\n \"12.1(3)DA\",\n \"12.1(4)DA\",\n \"12.1(1)DA1\",\n \"12.1(7)DA\",\n \"12.1(7)DA3\",\n \"12.1(6)DA2\",\n \"12.1(5)DA\",\n \"12.1(6)DA\",\n \"12.1(7)DA1\",\n \"12.1(6)DA1\",\n \"12.1(1)DA\",\n \"12.1(2)DA\",\n \"12.0(10)SX\",\n \"12.0(21)SX\",\n \"12.0(23)SX\",\n \"12.0(25)SX\",\n \"12.0(25)SX10\",\n \"12.0(25)SX3\",\n \"12.0(25)SX8\",\n \"12.0(23)SX2\",\n \"12.0(25)SX5\",\n \"12.0(23)SX4\",\n \"12.0(25)SX6\",\n \"12.0(23)SX3\",\n \"12.0(23)SX1\",\n \"12.0(21)SX1\",\n \"12.0(25)SX9\",\n \"12.0(25)SX6e\",\n \"12.0(25)SX1\",\n \"12.0(25)SX4\",\n \"12.0(23)SX5\",\n \"12.0(25)SX2\",\n \"12.0(25)SX7\",\n \"12.1(1)EX\",\n \"12.1(5c)EX\",\n \"12.1(8a)EX\",\n \"12.1(9)EX\",\n \"12.1(10)EX\",\n \"12.1(11b)EX\",\n \"12.1(12c)EX\",\n \"12.1(13)EX\",\n \"12.1(6)EX\",\n \"12.1(13)EX3\",\n \"12.1(9)EX1\",\n \"12.1(8b)EX3\",\n \"12.1(10)EX2\",\n \"12.1(5c)EX1\",\n \"12.1(1)EX1\",\n \"12.1(8b)EX5\",\n \"12.1(12c)EX1\",\n \"12.1(10)EX1\",\n \"12.1(8a)EX1\",\n \"12.1(8b)EX2\",\n \"12.1(13)EX1\",\n \"12.1(11b)EX1\",\n \"12.1(8b)EX4\",\n \"12.1(9)EX3\",\n \"12.1(9)EX2\",\n \"12.1(5c)EX3\",\n \"12.1(5c)EX2\",\n \"12.1(13)EX2\",\n \"12.1(22)EA8\",\n \"12.1(11)EA1a\",\n \"12.1(22)EA12\",\n \"12.1(22)EA6\",\n \"12.1(14)EA1\",\n \"12.1(19)EA1b\",\n \"12.1(22)EA3\",\n \"12.1(14)EA1b\",\n \"12.1(20)EA2\",\n \"12.1(22)EA4a\",\n \"12.1(14)EA1a\",\n \"12.1(22)EA5a\",\n \"12.1(22)EA13\",\n \"12.1(22)EA1a\",\n \"12.1(12c)EA1a\",\n \"12.1(13)EA1c\",\n \"12.1(22)EA1b\",\n \"12.1(8)EA1c\",\n \"12.1(22)EA5\",\n \"12.1(22)EA10b\",\n \"12.1(20)EA1a\",\n \"12.1(22)EA11\",\n \"12.1(22)EA7\",\n \"12.1(22)EA1\",\n \"12.1(13)EA1b\",\n \"12.1(20)EA1\",\n \"12.1(13)EA1\",\n \"12.1(19)EA1a\",\n \"12.1(22)EA2\",\n \"12.1(19)EA1d\",\n \"12.1(22)EA9\",\n \"12.1(9)EA1\",\n \"12.1(22)EA14\",\n \"12.1(11)EA1\",\n \"12.1(22)EA8a\",\n \"12.1(12c)EA1\",\n \"12.1(22)EA10a\",\n \"12.1(19)EA1\",\n \"12.1(19)EA1c\",\n \"12.1(6)EA1\",\n \"12.1(22)EA10\",\n \"12.1(22)EA4\",\n \"12.1(13)EA1a\",\n \"12.1(22)EA6a\",\n \"12.0(32)SY\",\n \"12.0(32)SY5\",\n \"12.0(32)SY13\",\n \"12.0(32)SY2\",\n \"12.0(32)SY7\",\n \"12.0(32)SY1\",\n \"12.0(32)SY9a\",\n \"12.0(32)SY9\",\n \"12.0(32)SY11\",\n \"12.0(32)SY6\",\n \"12.0(32)SY4\",\n \"12.0(32)SY10\",\n \"12.0(32)SY8\",\n \"12.0(32)SY12\",\n \"12.0(32)SY3\",\n \"12.0(32)SY14\",\n \"12.0(32)SY15\",\n \"12.0(32)SY16\",\n \"12.0(21)SZ\",\n \"12.0(30)SZ9\",\n \"12.0(31)SZ3\",\n \"12.0(23)SZ3\",\n \"12.0(30)SZ8\",\n \"12.0(30)SZ5\",\n \"12.0(30)SZ4\",\n \"12.0(30)SZ10\",\n \"12.0(30)SZ6\",\n \"12.1(14)AX\",\n \"12.1(14)AX3\",\n \"12.1(14)AX4\",\n \"12.1(11)AX\",\n \"12.1(14)AX1\",\n \"12.1(14)AX2\",\n \"12.1(13)AY\",\n \"12.1(22)AY1\",\n \"12.1(13)EB\",\n \"12.1(14)EB\",\n \"12.1(19)EB\",\n \"12.1(20)EB\",\n \"12.1(22)EB\",\n \"12.1(23)EB\",\n \"12.1(26)EB\",\n \"12.1(13)EB1\",\n \"12.1(26)EB3\",\n \"12.1(27)EB\",\n \"12.1(26)EB1\",\n \"12.1(14)EB1\",\n \"12.1(10)EV\",\n \"12.1(12c)EV\",\n \"12.1(10)EV3\",\n \"12.1(10)EV1a\",\n \"12.1(12c)EV3\",\n \"12.1(10)EV1\",\n \"12.1(10)EV4\",\n \"12.1(10)EV2\",\n \"12.1(12c)EV1\",\n \"12.1(12c)EV2\",\n \"12.1(11b)EW\",\n \"12.1(12c)EW\",\n \"12.1(13)EW\",\n \"12.1(19)EW\",\n \"12.1(20)EW\",\n \"12.1(8a)EW\",\n \"12.1(13)EW4\",\n \"12.1(12c)EW4\",\n \"12.1(20)EW2\",\n \"12.1(19)EW3\",\n \"12.1(20)EW1\",\n \"12.1(19)EW2\",\n \"12.1(13)EW3\",\n \"12.1(13)EW2\",\n \"12.1(11b)EW1\",\n \"12.1(8a)EW1\",\n \"12.1(12c)EW1\",\n \"12.1(19)EW1\",\n \"12.1(12c)EW3\",\n \"12.1(20)EW3\",\n \"12.1(12c)EW2\",\n \"12.1(13)EW1\",\n \"12.1(20)EW4\",\n \"12.1(11)YJ4\",\n \"12.1(11)YJ1\",\n \"12.1(11)YJ2\",\n \"12.1(11)YJ\",\n \"12.1(11)YJ3\",\n \"12.1(5)YH3\",\n \"12.1(5)YH1\",\n \"12.1(5)YH\",\n \"12.1(5)YH4\",\n \"12.1(5)YH2\",\n \"12.2(4)BW\",\n \"12.2(4)BW1a\",\n \"12.2(4)BW2\",\n \"12.2(4)BW1\",\n \"12.2(2)BX\",\n \"12.2(15)BX\",\n \"12.2(16)BX\",\n \"12.2(16)BX2\",\n \"12.2(2)BX1\",\n \"12.2(16)BX3\",\n \"12.2(16)BX1\",\n \"12.2(4)BZ1\",\n \"12.2(15)BZ2\",\n \"12.2(4)BZ2\",\n \"12.2(11)CX\",\n \"12.2(15)CX\",\n \"12.2(15)CX1\",\n \"12.2(11)CX1\",\n \"12.2(33)CX\",\n \"12.2(11)CY\",\n \"12.2(33)CY\",\n \"12.2(33)CY1\",\n \"12.2(33)CY3\",\n \"12.2(33)CY2\",\n \"12.2(1)DX\",\n \"12.2(1)DX1\",\n \"12.2(2)DX3\",\n \"12.2(4)JA\",\n \"12.2(4)JA1\",\n \"12.2(8)JA\",\n \"12.2(11)JA\",\n \"12.2(11)JA1\",\n \"12.2(13)JA\",\n \"12.2(15)JA\",\n \"12.2(13)JA2\",\n \"12.2(13)JA1\",\n \"12.2(13)JA4\",\n \"12.2(13)JA3\",\n \"12.2(11)JA3\",\n \"12.2(11)JA2\",\n \"12.2(4)MB7\",\n \"12.2(4)MB4\",\n \"12.2(4)MB10\",\n \"12.2(4)MB9\",\n \"12.2(4)MB3\",\n \"12.2(4)MB6\",\n \"12.2(1)MB1\",\n \"12.2(4)MB12\",\n \"12.2(4)MB13a\",\n \"12.2(4)MB1\",\n \"12.2(4)MB13\",\n \"12.2(4)MB5\",\n \"12.2(4)MB13c\",\n \"12.2(4)MB11\",\n \"12.2(4)MB13b\",\n \"12.2(4)MB2\",\n \"12.2(4)MB8\",\n \"12.2(4)MB9a\",\n \"12.2(15)MC1c\",\n \"12.2(15)MC2g\",\n \"12.2(8)MC2\",\n \"12.2(15)MC2k\",\n \"12.2(8)MC2d\",\n \"12.2(15)MC1b\",\n \"12.2(15)MC2b\",\n \"12.2(15)MC2a\",\n \"12.2(15)MC2m\",\n \"12.2(15)MC1\",\n \"12.2(15)MC2\",\n \"12.2(15)MC2f\",\n \"12.2(8)MC2b\",\n \"12.2(15)MC2j\",\n \"12.2(8)MC2c\",\n \"12.2(15)MC2n\",\n \"12.2(15)MC2e\",\n \"12.2(8)MC2a\",\n \"12.2(15)MC1a\",\n \"12.2(15)MC2c\",\n \"12.2(15)MC2i\",\n \"12.2(15)MC2h\",\n \"12.2(8)MC1\",\n \"12.2(15)MC2l\",\n \"12.2(14)SY\",\n \"12.2(14)SY1\",\n \"12.2(14)SY4\",\n \"12.2(50)SY\",\n \"12.2(14)SY5\",\n \"12.2(14)SY2\",\n \"12.2(14)SY3\",\n \"12.2(50)SY1\",\n \"12.2(50)SY2\",\n \"12.2(50)SY3\",\n \"12.2(50)SY4\",\n \"12.2(14)SZ\",\n \"12.2(14)SZ5\",\n \"12.2(14)SZ6\",\n \"12.2(14)SZ3\",\n \"12.2(14)SZ4\",\n \"12.2(14)SZ1\",\n \"12.2(14)SZ2\",\n \"12.2(2)XU\",\n \"12.2(8)YJ\",\n \"12.2(8)YJ1\",\n \"12.2(11)YT\",\n \"12.2(11)YT1\",\n \"12.2(11)YT2\",\n \"12.2(8)YN\",\n \"12.2(8)YN1\",\n \"12.2(9)YO\",\n \"12.2(9)YO3\",\n \"12.2(9)YO2\",\n \"12.2(9)YO1\",\n \"12.2(9)YO4\",\n \"12.2(1a)XC\",\n \"12.2(2)XC\",\n \"12.2(1a)XC1\",\n \"12.2(1a)XC3\",\n \"12.2(2)XC1\",\n \"12.2(1a)XC2\",\n \"12.2(2)XC2\",\n \"12.2(11)YP3\",\n \"12.2(2)YK\",\n \"12.2(2)YK1\",\n \"12.2(8)YL\",\n \"12.2(8)YM\",\n \"12.2(11)YU\",\n \"12.2(11)YV\",\n \"12.2(11)YV1\",\n \"12.2(11)YQ\",\n \"12.2(11)YR\",\n \"12.2(8)YW2\",\n \"12.2(8)YW\",\n \"12.2(8)YW3\",\n \"12.2(8)YW1\",\n \"12.2(11)YX\",\n \"12.2(11)YX1\",\n \"12.2(8)YY\",\n \"12.2(8)YY4\",\n \"12.2(8)YY3\",\n \"12.2(8)YY2\",\n \"12.2(8)YY1\",\n \"12.2(11)YZ\",\n \"12.2(11)YZ1\",\n \"12.2(11)YZ2\",\n \"12.2(9)ZA\",\n \"12.2(14)ZA\",\n \"12.2(14)ZA3\",\n \"12.2(14)ZA2\",\n \"12.2(14)ZA5\",\n \"12.2(14)ZA4\",\n \"12.2(14)ZA6\",\n \"12.2(14)ZA7\",\n \"12.2(8)ZB\",\n \"12.2(8)ZB3\",\n \"12.2(8)ZB2\",\n \"12.2(8)ZB7\",\n \"12.2(8)ZB6\",\n \"12.2(8)ZB4\",\n \"12.2(8)ZB8\",\n \"12.2(8)ZB1\",\n \"12.2(8)ZB4a\",\n \"12.2(8)ZB5\",\n \"12.2(11)ZC\",\n \"12.2(13)ZC\",\n \"12.2(13)ZD\",\n \"12.2(13)ZD3\",\n \"12.2(13)ZD2\",\n \"12.2(13)ZD1\",\n \"12.2(13)ZD4\",\n \"12.2(13)ZE\",\n \"12.2(13)ZF\",\n \"12.2(13)ZF2\",\n \"12.2(13)ZF1\",\n \"12.2(13)ZG\",\n \"12.2(13)ZH\",\n \"12.2(13)ZH5\",\n \"12.2(13)ZH9\",\n \"12.2(13)ZH2\",\n \"12.2(13)ZH8\",\n \"12.2(13)ZH10\",\n \"12.2(13)ZH11\",\n \"12.2(13)ZH4\",\n \"12.2(13)ZH3\",\n \"12.2(13)ZH7\",\n \"12.2(13)ZH6\",\n \"12.2(13)ZH1\",\n \"12.2(15)ZJ\",\n \"12.2(15)ZJ2\",\n \"12.2(15)ZJ1\",\n \"12.2(15)ZJ3\",\n \"12.2(15)ZJ5\",\n \"12.2(15)ZL\",\n \"12.2(15)ZL1\",\n \"12.0(4)XL1\",\n \"12.0(4)XL\",\n \"12.0(5)XN\",\n \"12.0(5)XT1\",\n \"12.1(3)XW2\",\n \"12.1(3)XW\",\n \"12.1(3)XW1\",\n \"12.2(9)YE\",\n \"12.3(9a)\",\n \"12.3(15)\",\n \"12.3(19)\",\n \"12.3(10f)\",\n \"12.3(10a)\",\n \"12.3(1)\",\n \"12.3(1a)\",\n \"12.3(10)\",\n \"12.3(10b)\",\n \"12.3(10c)\",\n \"12.3(10d)\",\n \"12.3(10e)\",\n \"12.3(12b)\",\n \"12.3(12a)\",\n \"12.3(12c)\",\n \"12.3(12d)\",\n \"12.3(12e)\",\n \"12.3(12)\",\n \"12.3(13)\",\n \"12.3(13a)\",\n \"12.3(13b)\",\n \"12.3(15a)\",\n \"12.3(16)\",\n \"12.3(17)\",\n \"12.3(17a)\",\n \"12.3(17b)\",\n \"12.3(18)\",\n \"12.3(20)\",\n \"12.3(3f)\",\n \"12.3(3e)\",\n \"12.3(3g)\",\n \"12.3(3c)\",\n \"12.3(3b)\",\n \"12.3(3a)\",\n \"12.3(3)\",\n \"12.3(3i)\",\n \"12.3(3h)\",\n \"12.3(5c)\",\n \"12.3(5b)\",\n \"12.3(5a)\",\n \"12.3(5)\",\n \"12.3(5f)\",\n \"12.3(5e)\",\n \"12.3(5d)\",\n \"12.3(6f)\",\n \"12.3(6e)\",\n \"12.3(6c)\",\n \"12.3(6b)\",\n \"12.3(6a)\",\n \"12.3(6)\",\n \"12.3(9d)\",\n \"12.3(9e)\",\n \"12.3(9)\",\n \"12.3(9b)\",\n \"12.3(9c)\",\n \"12.3(16a)\",\n \"12.3(15b)\",\n \"12.3(21)\",\n \"12.3(22)\",\n \"12.3(21b)\",\n \"12.3(23)\",\n \"12.3(26)\",\n \"12.3(20a)\",\n \"12.3(22a)\",\n \"12.3(25)\",\n \"12.3(13c)\",\n \"12.3(17c)\",\n \"12.3(24)\",\n \"12.3(19a)\",\n \"12.3(24a)\",\n \"12.3(18a)\",\n \"12.3(12f)\",\n \"12.3(8r)\",\n \"12.3(1a)B\",\n \"12.3(3)B\",\n \"12.3(5a)B\",\n \"12.3(3)B1\",\n \"12.3(5a)B3\",\n \"12.3(5a)B2\",\n \"12.3(5a)B5\",\n \"12.3(5a)B4\",\n \"12.3(5a)B1\",\n \"12.3(11)T\",\n \"12.3(7)T12\",\n \"12.3(4)T13\",\n \"12.3(11)T11\",\n \"12.3(11)T10\",\n \"12.3(14)T7\",\n \"12.3(14)T\",\n \"12.3(8)T\",\n \"12.3(2)T\",\n \"12.3(4)T\",\n \"12.3(7)T\",\n \"12.3(8)T9\",\n \"12.3(2)T9\",\n \"12.3(8)T6\",\n \"12.3(4)T2a\",\n \"12.3(4)T9\",\n \"12.3(4)T4\",\n \"12.3(2)T1\",\n \"12.3(11)T5\",\n \"12.3(7)T3\",\n \"12.3(2)T2\",\n \"12.3(8)T3\",\n \"12.3(4)T7\",\n \"12.3(8)T7\",\n \"12.3(11)T8\",\n \"12.3(7)T2\",\n \"12.3(8)T4\",\n \"12.3(8)T8\",\n \"12.3(14)T8\",\n \"12.3(14)T5\",\n \"12.3(11)T3\",\n \"12.3(4)T10\",\n \"12.3(2)T4\",\n \"12.3(8)T10\",\n \"12.3(14)T2\",\n \"12.3(4)T2\",\n \"12.3(7)T7\",\n \"12.3(7)T10\",\n \"12.3(7)T4\",\n \"12.3(11)T6\",\n \"12.3(7)T11\",\n \"12.3(4)T6\",\n \"12.3(2)T3\",\n \"12.3(2)T5\",\n \"12.3(2)T6\",\n \"12.3(4)T3\",\n \"12.3(14)T3\",\n \"12.3(2)T8\",\n \"12.3(11)T4\",\n \"12.3(7)T9\",\n \"12.3(8)T11\",\n \"12.3(11)T9\",\n \"12.3(7)T8\",\n \"12.3(4)T1\",\n \"12.3(8)T5\",\n \"12.3(14)T9\",\n \"12.3(4)T11\",\n \"12.3(4)T8\",\n \"12.3(14)T1\",\n \"12.3(11)T2\",\n \"12.3(7)T6\",\n \"12.3(2)T7\",\n \"12.3(11)T7\",\n \"12.3(7)T1\",\n \"12.3(14)T6\",\n \"12.3(8)T1\",\n \"12.2(15)CZ\",\n \"12.2(15)CZ1\",\n \"12.2(15)CZ3\",\n \"12.2(15)CZ2\",\n \"12.2(15)JK\",\n \"12.2(15)JK3\",\n \"12.2(15)JK5\",\n \"12.2(15)JK2\",\n \"12.2(15)JK1\",\n \"12.2(15)JK4\",\n \"12.2(13)ZP\",\n \"12.2(13)ZP1\",\n \"12.2(13)ZP3\",\n \"12.2(13)ZP2\",\n \"12.2(13)ZP4\",\n \"12.3(2)XA\",\n \"12.3(2)XA4\",\n \"12.3(2)XA7\",\n \"12.3(2)XA1\",\n \"12.3(2)XA3\",\n \"12.3(2)XA6\",\n \"12.3(2)XA2\",\n \"12.3(2)XA5\",\n \"12.3(2)XA8\",\n \"12.3(4)XQ\",\n \"12.3(4)XQ1\",\n \"12.3(11)XL\",\n \"12.3(11)XL1\",\n \"12.3(4)XK3\",\n \"12.3(4)XK1\",\n \"12.3(4)XK4\",\n \"12.3(4)XK\",\n \"12.3(4)XK2\",\n \"12.3(7)XJ\",\n \"12.3(7)XJ1\",\n \"12.3(7)XJ2\",\n \"12.3(7)XI8\",\n \"12.3(7)XI7\",\n \"12.3(7)XI8d\",\n \"12.3(7)XI10a\",\n \"12.3(7)XI8a\",\n \"12.3(7)XI4\",\n \"12.3(7)XI1\",\n \"12.3(7)XI1b\",\n \"12.3(7)XI7a\",\n \"12.3(7)XI2a\",\n \"12.3(7)XI10\",\n \"12.3(7)XI7b\",\n \"12.3(7)XI1c\",\n \"12.3(7)XI9\",\n \"12.3(7)XI3\",\n \"12.3(7)XI6\",\n \"12.3(7)XI8c\",\n \"12.3(7)XI2\",\n \"12.3(7)XI5\",\n \"12.3(7)XI8ba\",\n \"12.3(4)XG\",\n \"12.3(4)XG3\",\n \"12.3(4)XG1\",\n \"12.3(4)XG4\",\n \"12.3(4)XG2\",\n \"12.3(4)XG5\",\n \"12.3(2)XF\",\n \"12.3(2)XE\",\n \"12.3(2)XE5\",\n \"12.3(2)XE2\",\n \"12.3(2)XE1\",\n \"12.3(2)XE4\",\n \"12.3(2)XE6\",\n \"12.3(2)XE3\",\n \"12.3(4)XD\",\n \"12.3(4)XD4\",\n \"12.3(4)XD1\",\n \"12.3(4)XD3\",\n \"12.3(4)XD2\",\n \"12.3(2)XC\",\n \"12.3(2)XC4\",\n \"12.3(2)XC3\",\n \"12.3(2)XC2\",\n \"12.3(2)XC1\",\n \"12.3(2)XC5\",\n \"12.3(2)XC6\",\n \"12.3(2)XB2\",\n \"12.3(2)XB\",\n \"12.3(2)XB3\",\n \"12.3(2)XB1\",\n \"12.2(18)EW\",\n \"12.2(20)EW\",\n \"12.2(25)EW\",\n \"12.2(20)EW2\",\n \"12.2(18)EW5\",\n \"12.2(18)EW1\",\n \"12.2(20)EW1\",\n \"12.2(20)EW4\",\n \"12.2(18)EW2\",\n \"12.2(18)EW6\",\n \"12.2(18)EW4\",\n \"12.2(18)EW7\",\n \"12.2(18)EW3\",\n \"12.2(20)EW3\",\n \"12.2(20)EWA\",\n \"12.2(25)EWA\",\n \"12.2(25)EWA6\",\n \"12.2(25)EWA5\",\n \"12.2(25)EWA1\",\n \"12.2(25)EWA10\",\n \"12.2(25)EWA8\",\n \"12.2(20)EWA1\",\n \"12.2(25)EWA11\",\n \"12.2(25)EWA9\",\n \"12.2(25)EWA2\",\n \"12.2(25)EWA14\",\n \"12.2(25)EWA4\",\n \"12.2(20)EWA3\",\n \"12.2(25)EWA3\",\n \"12.2(25)EWA7\",\n \"12.2(20)EWA4\",\n \"12.2(25)EWA12\",\n \"12.2(25)EWA13\",\n \"12.2(20)EWA2\",\n \"12.2(14)SU\",\n \"12.2(14)SU1\",\n \"12.2(14)SU2\",\n \"12.2(35)SE\",\n \"12.2(18)SE\",\n \"12.2(20)SE\",\n \"12.2(25)SE\",\n \"12.2(37)SE\",\n \"12.2(53)SE1\",\n \"12.2(55)SE\",\n \"12.2(25)SE2\",\n \"12.2(40)SE2\",\n \"12.2(46)SE\",\n \"12.2(46)SE2\",\n \"12.2(50)SE2\",\n \"12.2(35)SE5\",\n \"12.2(50)SE1\",\n \"12.2(44)SE2\",\n \"12.2(20)SE3\",\n \"12.2(35)SE1\",\n \"12.2(50)SE5\",\n \"12.2(35)SE4\",\n \"12.2(44)SE1\",\n \"12.2(53)SE\",\n \"12.2(37)SE1\",\n \"12.2(25)SE3\",\n \"12.2(35)SE3\",\n \"12.2(44)SE4\",\n \"12.2(55)SE3\",\n \"12.2(33)SE\",\n \"12.2(57)SE\",\n \"12.2(55)SE2\",\n \"12.2(40)SE\",\n \"12.2(44)SE\",\n \"12.2(52)SE\",\n \"12.2(58)SE\",\n \"12.2(50)SE3\",\n \"12.2(55)SE1\",\n \"12.2(35)SE2\",\n \"12.2(18)SE1\",\n \"12.2(40)SE1\",\n \"12.2(20)SE1\",\n \"12.2(44)SE6\",\n \"12.2(36)SE\",\n \"12.2(37)SE2\",\n \"12.2(44)SE3\",\n \"12.2(53)SE2\",\n \"12.2(52)SE1\",\n \"12.2(53)SE3\",\n \"12.2(46)SE1\",\n \"12.2(20)SE2\",\n \"12.2(54)SE\",\n \"12.2(44)SE5\",\n \"12.2(50)SE4\",\n \"12.2(47)SE\",\n \"12.2(50)SE\",\n \"12.2(20)SE4\",\n \"12.2(58)SE1\",\n \"12.2(55)SE4\",\n \"12.2(58)SE2\",\n \"12.2(55)SE5\",\n \"12.2(55)SE6\",\n \"12.2(55)SE7\",\n \"12.2(55)SE8\",\n \"12.2(55)SE9\",\n \"12.2(55)SE10\",\n \"12.2(55)SE11\",\n \"12.2(55)SE12\",\n \"12.2(27)SV\",\n \"12.2(28)SV\",\n \"12.2(18)SV\",\n \"12.2(22)SV\",\n \"12.2(23)SV\",\n \"12.2(24)SV\",\n \"12.2(25)SV\",\n \"12.2(26)SV\",\n \"12.2(29a)SV\",\n \"12.2(29)SV\",\n \"12.2(25)SV1\",\n \"12.2(29)SV3\",\n \"12.2(29b)SV\",\n \"12.2(22)SV1\",\n \"12.2(18)SV3\",\n \"12.2(27)SV2\",\n \"12.2(27)SV5\",\n \"12.2(29b)SV1\",\n \"12.2(27)SV4\",\n \"12.2(29a)SV1\",\n \"12.2(24)SV1\",\n \"12.2(28)SV1\",\n \"12.2(29)SV1\",\n \"12.2(27)SV1\",\n \"12.2(29)SV4\",\n \"12.2(18)SV1\",\n \"12.2(18)SV2\",\n \"12.2(23)SV1\",\n \"12.2(25)SV2\",\n \"12.2(25)SV3\",\n \"12.2(29)SV2\",\n \"12.2(27)SV3\",\n \"12.2(28)SV2\",\n \"12.2(26)SV1\",\n \"12.2(25)SW\",\n \"12.2(23)SW\",\n \"12.2(18)SW\",\n \"12.2(19)SW\",\n \"12.2(20)SW\",\n \"12.2(21)SW\",\n \"12.2(25)SW9\",\n \"12.2(25)SW2\",\n \"12.2(25)SW11\",\n \"12.2(25)SW10\",\n \"12.2(25)SW3a\",\n \"12.2(25)SW5\",\n \"12.2(25)SW4a\",\n \"12.2(25)SW4\",\n \"12.2(25)SW12\",\n \"12.2(25)SW7\",\n \"12.2(23)SW1\",\n \"12.2(25)SW3b\",\n \"12.2(25)SW6\",\n \"12.2(25)SW1\",\n \"12.2(21)SW1\",\n \"12.2(25)SW8\",\n \"12.2(25)SW3\",\n \"12.2(17d)SXB\",\n \"12.2(17d)SXB6\",\n \"12.2(17d)SXB11\",\n \"12.2(17d)SXB7\",\n \"12.2(17d)SXB4\",\n \"12.2(17d)SXB2\",\n \"12.2(17d)SXB3\",\n \"12.2(17d)SXB5\",\n \"12.2(17d)SXB10\",\n \"12.2(17d)SXB8\",\n \"12.2(17d)SXB11a\",\n \"12.2(17d)SXB1\",\n \"12.2(17d)SXB9\",\n \"12.2(17b)SXA\",\n \"12.2(17b)SXA2\",\n \"12.2(18)SXD\",\n \"12.2(18)SXD7a\",\n \"12.2(18)SXD7b\",\n \"12.2(18)SXD1\",\n \"12.2(18)SXD6\",\n \"12.2(18)SXD7\",\n \"12.2(18)SXD5\",\n \"12.2(18)SXD4\",\n \"12.2(18)SXD2\",\n \"12.2(18)SXD3\",\n \"12.3(7)XR\",\n \"12.3(7)XR4\",\n \"12.3(7)XR3\",\n \"12.3(7)XR5\",\n \"12.3(7)XR6\",\n \"12.3(7)XR8\",\n \"12.3(7)XR2\",\n \"12.3(7)XR7\",\n \"12.3(7)XS\",\n \"12.3(7)XS2\",\n \"12.3(7)XS1\",\n \"12.3(8)XU\",\n \"12.3(8)XU5\",\n \"12.3(8)XU2\",\n \"12.3(8)XU1\",\n \"12.3(8)XU4\",\n \"12.3(8)XU3\",\n \"12.3(8)XX\",\n \"12.3(8)XX2f\",\n \"12.3(8)XX1\",\n \"12.3(8)XX2d\",\n \"12.3(8)XW\",\n \"12.3(8)XW2\",\n \"12.3(8)XW3\",\n \"12.3(8)XW1\",\n \"12.3(8)XY\",\n \"12.3(8)XY3\",\n \"12.3(8)XY5\",\n \"12.3(8)XY4\",\n \"12.3(8)XY1\",\n \"12.3(8)XY7\",\n \"12.3(8)XY2\",\n \"12.3(8)XY6\",\n \"12.3(2)XZ\",\n \"12.3(2)XZ1\",\n \"12.3(2)XZ2\",\n \"12.3(8)YA\",\n \"12.3(8)YA1\",\n \"12.3(8)YD\",\n \"12.3(8)YD1\",\n \"12.3(11)YF\",\n \"12.3(11)YF2\",\n \"12.3(11)YF3\",\n \"12.3(11)YF4\",\n \"12.3(11)YF1\",\n \"12.3(8)YH\",\n \"12.3(8)YG\",\n \"12.3(8)YG5\",\n \"12.3(8)YG3\",\n \"12.3(8)YG6\",\n \"12.3(8)YG2\",\n \"12.3(8)YG1\",\n \"12.3(8)YG4\",\n \"12.2(1)M0\",\n \"12.2(6c)M1\",\n \"12.2(12b)M1\",\n \"12.2(12h)M1\",\n \"12.2(8)BY\",\n \"12.2(8)BY1\",\n \"12.2(2)BY2\",\n \"12.2(2)BY\",\n \"12.2(2)BY1\",\n \"12.2(2)BY3\",\n \"12.2(8)BY2\",\n \"12.2(4)XV\",\n \"12.2(4)XV1\",\n \"12.2(4)XV2\",\n \"12.2(4)XV4\",\n \"12.2(4)XV4a\",\n \"12.2(4)XV3\",\n \"12.2(4)XV5\",\n \"12.3(13a)BC6\",\n \"12.3(17a)BC2\",\n \"12.3(17a)BC\",\n \"12.3(13a)BC\",\n \"12.3(21)BC\",\n \"12.3(9a)BC\",\n \"12.3(21a)BC9\",\n \"12.3(21a)BC4\",\n \"12.3(9a)BC9\",\n \"12.3(17b)BC6\",\n \"12.3(13a)BC2\",\n \"12.3(23)BC\",\n \"12.3(17b)BC3\",\n \"12.3(9a)BC2\",\n \"12.3(17b)BC9\",\n \"12.3(23)BC8\",\n \"12.3(23)BC10\",\n \"12.3(9a)BC10\",\n \"12.3(23)BC1\",\n \"12.3(9a)BC1\",\n \"12.3(17b)BC8\",\n \"12.3(9a)BC3\",\n \"12.3(23)BC9\",\n \"12.3(21a)BC6\",\n \"12.3(9a)BC6\",\n \"12.3(9a)BC5\",\n \"12.3(23)BC7\",\n \"12.3(13a)BC3\",\n \"12.3(23)BC6\",\n \"12.3(23)BC4\",\n \"12.3(13a)BC1\",\n \"12.3(17b)BC5\",\n \"12.3(21a)BC8\",\n \"12.3(9a)BC8\",\n \"12.3(21a)BC3\",\n \"12.3(21a)BC7\",\n \"12.3(9a)BC7\",\n \"12.3(23)BC5\",\n \"12.3(13a)BC5\",\n \"12.3(9a)BC4\",\n \"12.3(21a)BC2\",\n \"12.3(13a)BC4\",\n \"12.3(17b)BC7\",\n \"12.3(23)BC3\",\n \"12.3(21b)BC5\",\n \"12.3(21a)BC1\",\n \"12.3(17a)BC1\",\n \"12.3(17b)BC4\",\n \"12.3(23)BC2\",\n \"12.3(21a)BC5\",\n \"12.3(1a)BW\",\n \"12.0(1)DB\",\n \"12.0(3)DB\",\n \"12.0(7)DB2\",\n \"12.0(4)DB\",\n \"12.0(7)DB\",\n \"12.0(5)DB\",\n \"12.0(7)DB1\",\n \"12.0(2)DB\",\n \"12.0(7)DC1\",\n \"12.0(7)DC\",\n \"12.0(5)DC\",\n \"12.0(3)DC1\",\n \"12.0(3)DC\",\n \"12.0(2)XF1\",\n \"12.0(7)XF1\",\n \"12.0(2)XF\",\n \"12.0(2)XF2\",\n \"12.0(7)XF\",\n \"12.0(5)XS1\",\n \"12.0(5)XS\",\n \"12.0(5)XS2\",\n \"12.1(14)AZ\",\n \"12.1(14)EO\",\n \"12.1(19)EO\",\n \"12.1(20)EO\",\n \"12.1(19)EO6\",\n \"12.1(20)EO3\",\n \"12.1(19)EO3\",\n \"12.1(19)EO1\",\n \"12.1(14)EO1\",\n \"12.1(19)EO2\",\n \"12.1(19)EO4\",\n \"12.1(19)EO5\",\n \"12.1(20)EO1\",\n \"12.1(20)EO2\",\n \"12.3(11)YJ\",\n \"12.3(8)YI2\",\n \"12.3(8)YI3\",\n \"12.3(8)YI1\",\n \"12.3(11)YK\",\n \"12.3(11)YK4\",\n \"12.3(11)YK1\",\n \"12.3(11)YK2\",\n \"12.3(11)YK3\",\n \"12.1(20)EU\",\n \"12.1(20)EU1\",\n \"12.2(20)EU\",\n \"12.2(20)EU1\",\n \"12.2(20)EU2\",\n \"12.2(25)EX\",\n \"12.2(20)EX\",\n \"12.2(35)EX\",\n \"12.2(44)EX\",\n \"12.2(35)EX2\",\n \"12.2(40)EX3\",\n \"12.2(40)EX\",\n \"12.2(53)EX\",\n \"12.2(37)EX\",\n \"12.2(52)EX\",\n \"12.2(44)EX1\",\n \"12.2(35)EX1\",\n \"12.2(25)EX1\",\n \"12.2(40)EX2\",\n \"12.2(40)EX1\",\n \"12.2(55)EX\",\n \"12.2(46)EX\",\n \"12.2(52)EX1\",\n \"12.2(54)EX\",\n \"12.2(55)EX1\",\n \"12.2(55)EX2\",\n \"12.2(55)EX3\",\n \"12.2(58)EX\",\n \"12.2(58)EX1\",\n \"12.2(25)SEB\",\n \"12.2(25)SEB2\",\n \"12.2(25)SEB1\",\n \"12.2(25)SEB4\",\n \"12.2(25)SEB3\",\n \"12.2(25)SEA\",\n \"12.2(25)EY\",\n \"12.2(46)EY\",\n \"12.2(55)EY\",\n \"12.2(52)EY1\",\n \"12.2(25)EY1\",\n \"12.2(44)EY\",\n \"12.2(52)EY\",\n \"12.2(53)EY\",\n \"12.2(25)EY3\",\n \"12.2(52)EY2\",\n \"12.2(37)EY\",\n \"12.2(25)EY2\",\n \"12.2(25)EY4\",\n \"12.2(52)EY1b\",\n \"12.2(52)EY1c\",\n \"12.2(58)EY\",\n \"12.2(52)EY3\",\n \"12.2(52)EY2a\",\n \"12.2(58)EY1\",\n \"12.2(52)EY4\",\n \"12.2(52)EY3a\",\n \"12.2(52)EY3b\",\n \"12.2(58)EY2\",\n \"12.2(18)SO1\",\n \"12.2(18)SO6\",\n \"12.2(18)SO7\",\n \"12.2(18)SO4\",\n \"12.2(18)SO3\",\n \"12.2(18)SO2\",\n \"12.2(18)SO5\",\n \"12.3(2)JA\",\n \"12.3(2)JA1\",\n \"12.3(2)JA2\",\n \"12.3(2)JA3\",\n \"12.3(2)JA4\",\n \"12.3(2)JA5\",\n \"12.3(4)JA1\",\n \"12.3(4)JA\",\n \"12.3(7)JA1\",\n \"12.3(7)JA\",\n \"12.3(8)JA\",\n \"12.3(8)JA1\",\n \"12.3(8)JA2\",\n \"12.3(11)JA\",\n \"12.3(7)JA4\",\n \"12.3(4)JA2\",\n \"12.3(7)JA5\",\n \"12.3(11)JA3\",\n \"12.3(11)JA4\",\n \"12.3(8)JA3\",\n \"12.3(2)JA6\",\n \"12.3(11)JA2\",\n \"12.3(11)JA1\",\n \"12.3(7)JA3\",\n \"12.3(7)JA2\",\n \"12.3(11)JA5\",\n \"12.3(14)YQ8\",\n \"12.3(14)YQ\",\n \"12.3(14)YQ5\",\n \"12.3(14)YQ4\",\n \"12.3(14)YQ7\",\n \"12.3(14)YQ1\",\n \"12.3(14)YQ6\",\n \"12.3(14)YQ3\",\n \"12.3(14)YQ2\",\n \"12.3(11)YS\",\n \"12.3(11)YS1\",\n \"12.3(11)YS2\",\n \"12.3(11)YS3\",\n \"12.4(3e)\",\n \"12.4(7b)\",\n \"12.4(8)\",\n \"12.4(5b)\",\n \"12.4(7a)\",\n \"12.4(3d)\",\n \"12.4(1)\",\n \"12.4(1a)\",\n \"12.4(1b)\",\n \"12.4(1c)\",\n \"12.4(10)\",\n \"12.4(3)\",\n \"12.4(3a)\",\n \"12.4(3b)\",\n \"12.4(3c)\",\n \"12.4(3f)\",\n \"12.4(5)\",\n \"12.4(5a)\",\n \"12.4(7c)\",\n \"12.4(7)\",\n \"12.4(8a)\",\n \"12.4(8b)\",\n \"12.4(7d)\",\n \"12.4(3g)\",\n \"12.4(8c)\",\n \"12.4(10b)\",\n \"12.4(12)\",\n \"12.4(12a)\",\n \"12.4(12b)\",\n \"12.4(13)\",\n \"12.4(13a)\",\n \"12.4(13b)\",\n \"12.4(13c)\",\n \"12.4(7e)\",\n \"12.4(17)\",\n \"12.4(25e)\",\n \"12.4(18b)\",\n \"12.4(18e)\",\n \"12.4(25g)\",\n \"12.4(3i)\",\n \"12.4(19a)\",\n \"12.4(3j)\",\n \"12.4(23b)\",\n \"12.4(3h)\",\n \"12.4(7h)\",\n \"12.4(25a)\",\n \"12.4(16)\",\n \"12.4(13d)\",\n \"12.4(25)\",\n \"12.4(25c)\",\n \"12.4(19)\",\n \"12.4(13e)\",\n \"12.4(25b)\",\n \"12.4(23)\",\n \"12.4(10c)\",\n \"12.4(21)\",\n \"12.4(16b)\",\n \"12.4(19b)\",\n \"12.4(16a)\",\n \"12.4(23a)\",\n \"12.4(25d)\",\n \"12.4(7f)\",\n \"12.4(18)\",\n \"12.4(14)\",\n \"12.4(21a)\",\n \"12.4(13f)\",\n \"12.4(25f)\",\n \"12.4(18c)\",\n \"12.4(5c)\",\n \"12.4(69)\",\n \"12.4(8d)\",\n \"12.4(12c)\",\n \"12.4(21b)\",\n \"12.4(17a)\",\n \"12.4(18a)\",\n \"12.4(17b)\",\n \"12.4(7g)\",\n \"12.2(25)EZ\",\n \"12.2(25)EZ1\",\n \"12.2(58)EZ\",\n \"12.2(53)EZ\",\n \"12.2(55)EZ\",\n \"12.2(58)EZ1\",\n \"12.2(60)EZ\",\n \"12.2(60)EZ1\",\n \"12.2(60)EZ2\",\n \"12.2(60)EZ3\",\n \"12.2(60)EZ4\",\n \"12.2(60)EZ5\",\n \"12.2(60)EZ6\",\n \"12.2(60)EZ7\",\n \"12.2(60)EZ8\",\n \"12.2(60)EZ9\",\n \"12.2(60)EZ10\",\n \"12.2(60)EZ11\",\n \"12.2(25)SEC\",\n \"12.2(25)SEC2\",\n \"12.2(25)SEC1\",\n \"12.3(2)JK\",\n \"12.3(2)JK1\",\n \"12.3(2)JK2\",\n \"12.3(8)JK1\",\n \"12.3(2)JK4\",\n \"12.3(2)JK3\",\n \"12.3(8)JK2\",\n \"12.3(14)YU\",\n \"12.3(14)YU1\",\n \"12.4(6)MR1\",\n \"12.4(11)MR\",\n \"12.4(2)MR\",\n \"12.4(4)MR\",\n \"12.4(6)MR\",\n \"12.4(9)MR\",\n \"12.4(12)MR\",\n \"12.4(16)MR\",\n \"12.4(16)MR1\",\n \"12.4(19)MR2\",\n \"12.4(19)MR1\",\n \"12.4(19)MR\",\n \"12.4(20)MR\",\n \"12.4(4)MR1\",\n \"12.4(19)MR3\",\n \"12.4(12)MR1\",\n \"12.4(20)MR2\",\n \"12.4(16)MR2\",\n \"12.4(12)MR2\",\n \"12.4(2)MR1\",\n \"12.4(4)T\",\n \"12.4(4)T1\",\n \"12.4(4)T2\",\n \"12.4(4)T3\",\n \"12.4(6)T\",\n \"12.4(6)T1\",\n \"12.4(6)T2\",\n \"12.4(9)T\",\n \"12.4(4)T4\",\n \"12.4(2)T5\",\n \"12.4(6)T3\",\n \"12.4(2)T\",\n \"12.4(11)T\",\n \"12.4(15)T\",\n \"12.4(20)T\",\n \"12.4(24)T\",\n \"12.4(24)T3\",\n \"12.4(4)T8\",\n \"12.4(20)T1\",\n \"12.4(22)T1\",\n \"12.4(15)T9\",\n \"12.4(11)T4\",\n \"12.4(15)T8\",\n \"12.4(6)T5\",\n \"12.4(20)T6a\",\n \"12.4(15)T15\",\n \"12.4(24)T5\",\n \"12.4(15)T2\",\n \"12.4(6)T8\",\n \"12.4(15)T12\",\n \"12.4(24)T4\",\n \"12.4(6)T11\",\n \"12.4(9)T5\",\n \"12.4(20)T3\",\n \"12.4(6)T4\",\n \"12.4(4)T6\",\n \"12.4(22)T\",\n \"12.4(20)T6\",\n \"12.4(9)T3\",\n \"12.4(24)T8\",\n \"12.4(6)T7\",\n \"12.4(15)T13\",\n \"12.4(6)T10\",\n \"12.4(15)T3\",\n \"12.4(24)T2\",\n \"12.4(22)T5\",\n \"12.4(2)T3\",\n \"12.4(15)T10\",\n \"12.4(22)T4\",\n \"12.4(20)T5\",\n \"12.4(9)T6\",\n \"12.4(15)T4\",\n \"12.4(2)T4\",\n \"12.4(24)T1\",\n \"12.4(9)T4\",\n \"12.4(24)T7\",\n \"12.4(22)T3\",\n \"12.4(9)T1\",\n \"12.4(24)T6\",\n \"12.4(6)T9\",\n \"12.4(15)T5\",\n \"12.4(4)T7\",\n \"12.4(20)T2\",\n \"12.4(2)T1\",\n \"12.4(11)T1\",\n \"12.4(15)T11\",\n \"12.4(2)T6\",\n \"12.4(2)T2\",\n \"12.4(15)T7\",\n \"12.4(11)T2\",\n \"12.4(9)T7\",\n \"12.4(15)T14\",\n \"12.4(22)T6\",\n \"12.4(11)T3\",\n \"12.4(15)T6\",\n \"12.4(15)T16\",\n \"12.4(15)T1\",\n \"12.4(9)T2\",\n \"12.4(6)T6\",\n \"12.4(22)T2\",\n \"12.4(4)T5\",\n \"12.4(20)T4\",\n \"12.4(24)T4a\",\n \"12.4(24)T4b\",\n \"12.4(24)T3e\",\n \"12.4(24)T4c\",\n \"12.4(15)T17\",\n \"12.4(24)T4d\",\n \"12.4(24)T4e\",\n \"12.4(24)T3f\",\n \"12.4(24)T4f\",\n \"12.4(13r)T\",\n \"12.4(13r)T11\",\n \"12.4(24)T4l\",\n \"12.3(14)YT\",\n \"12.3(14)YT1\",\n \"12.2(18)SXF\",\n \"12.2(18)SXF5\",\n \"12.2(18)SXF6\",\n \"12.2(18)SXF15\",\n \"12.2(18)SXF1\",\n \"12.2(18)SXF10\",\n \"12.2(18)SXF17b\",\n \"12.2(18)SXF4\",\n \"12.2(18)SXF15a\",\n \"12.2(18)SXF3\",\n \"12.2(18)SXF17\",\n \"12.2(18)SXF12\",\n \"12.2(18)SXF8\",\n \"12.2(18)SXF10a\",\n \"12.2(18)SXF16\",\n \"12.2(18)SXF7\",\n \"12.2(18)SXF17a\",\n \"12.2(18)SXF14\",\n \"12.2(18)SXF12a\",\n \"12.2(18)SXF9\",\n \"12.2(18)SXF13\",\n \"12.2(18)SXF2\",\n \"12.2(18)SXF11\",\n \"12.2(18)SXF17c\",\n \"12.2(31)SG\",\n \"12.2(25)SG\",\n \"12.2(37)SG\",\n \"12.2(44)SG\",\n \"12.2(50)SG3\",\n \"12.2(31)SG1\",\n \"12.2(53)SG\",\n \"12.2(31)SG3\",\n \"12.2(50)SG6\",\n \"12.2(53)SG1\",\n \"12.2(46)SG\",\n \"12.2(25)SG1\",\n \"12.2(53)SG2\",\n \"12.2(50)SG5\",\n \"12.2(37)SG1\",\n \"12.2(53)SG3\",\n \"12.2(50)SG8\",\n \"12.2(25)SG3\",\n \"12.2(50)SG2\",\n \"12.2(40)SG\",\n \"12.2(25)SG2\",\n \"12.2(54)SG1\",\n \"12.2(44)SG1\",\n \"12.2(50)SG1\",\n \"12.2(52)SG\",\n \"12.2(54)SG\",\n \"12.2(31)SG2\",\n \"12.2(36)SG\",\n \"12.2(50)SG\",\n \"12.2(25)SG4\",\n \"12.2(50)SG7\",\n \"12.2(53)SG4\",\n \"12.2(50)SG4\",\n \"12.2(46)SG1\",\n \"12.2(53)SG5\",\n \"12.2(53)SG6\",\n \"12.2(53)SG7\",\n \"12.2(44r)SG5\",\n \"12.2(53)SG8\",\n \"12.2(53)SG9\",\n \"12.2(53)SG10\",\n \"12.2(53)SG11\",\n \"12.1(5)XX\",\n \"12.1(5)XX1\",\n \"12.1(5)XX3\",\n \"12.1(5)XX2\",\n \"12.1(4)XY1\",\n \"12.1(4)XY4\",\n \"12.1(4)XY3\",\n \"12.1(4)XY\",\n \"12.1(4)XY5\",\n \"12.1(4)XY6\",\n \"12.1(4)XY8\",\n \"12.1(4)XY7\",\n \"12.1(4)XY2\",\n \"12.2(25)FX\",\n \"12.2(25)FY\",\n \"12.2(27)SBC\",\n \"12.2(27)SBC6\",\n \"12.2(27)SBC2\",\n \"12.2(27)SBC3\",\n \"12.2(27)SBC4\",\n \"12.2(27)SBC5\",\n \"12.2(27)SBC1\",\n \"12.2(18)SXE\",\n \"12.2(18)SXE2\",\n \"12.2(18)SXE6\",\n \"12.2(18)SXE3\",\n \"12.2(18)SXE6a\",\n \"12.2(18)SXE4\",\n \"12.2(18)SXE6b\",\n \"12.2(18)SXE1\",\n \"12.2(18)SXE5\",\n \"12.2(8)TPC10a\",\n \"12.2(8)TPC10b\",\n \"12.2(8)TPC10d\",\n \"12.2(8)TPC10c\",\n \"12.3(7)JX2\",\n \"12.3(7)JX\",\n \"12.3(7)JX1\",\n \"12.3(7)JX4\",\n \"12.3(11)JX\",\n \"12.3(7)JX7\",\n \"12.3(7)JX12\",\n \"12.3(7)JX9\",\n \"12.3(7)JX10\",\n \"12.3(7)JX13\",\n \"12.3(11)JX1\",\n \"12.3(7)JX6\",\n \"12.3(7)JX5\",\n \"12.3(7)JX3\",\n \"12.3(7)JX11\",\n \"12.3(7)JX8\",\n \"12.3(4)TPC11b\",\n \"12.3(4)TPC11a\",\n \"12.3(4)TPC11c\",\n \"12.4(2)XB\",\n \"12.4(2)XB1\",\n \"12.4(2)XB6\",\n \"12.4(2)XB7\",\n \"12.4(2)XB11\",\n \"12.4(2)XB3\",\n \"12.4(2)XB9\",\n \"12.4(2)XB8\",\n \"12.4(2)XB2\",\n \"12.4(2)XB10\",\n \"12.4(2)XB4\",\n \"12.4(2)XB5\",\n \"12.4(2)XB12\",\n \"12.4(2)XA\",\n \"12.4(2)XA1\",\n \"12.4(2)XA2\",\n \"12.3(14)YM8\",\n \"12.3(14)YM12\",\n \"12.3(14)YM4\",\n \"12.3(14)YM3\",\n \"12.3(14)YM7\",\n \"12.3(13)YM3\",\n \"12.3(14)YM11\",\n \"12.3(14)YM9\",\n \"12.3(14)YM6\",\n \"12.3(14)YM10\",\n \"12.3(14)YM13\",\n \"12.3(14)YM5\",\n \"12.3(14)YM2\",\n \"12.1(1)GA\",\n \"12.1(1)GA1\",\n \"12.1(2)GB\",\n \"12.1(4)XZ6\",\n \"12.1(4)XZ1\",\n \"12.1(4)XZ5\",\n \"12.1(4)XZ7\",\n \"12.1(4)XZ4\",\n \"12.1(4)XZ\",\n \"12.1(4)XZ3\",\n \"12.1(4)XZ2\",\n \"12.2(28)SB2\",\n \"12.2(28)SB\",\n \"12.2(28)SB10\",\n \"12.2(31)SB3x\",\n \"12.2(33)SB3\",\n \"12.2(28)SB11\",\n \"12.2(31)SB5\",\n \"12.2(28)SB5c\",\n \"12.2(31)SB10\",\n \"12.2(33)SB9\",\n \"12.2(28)SB14\",\n \"12.2(28)SB3\",\n \"12.2(31)SB15\",\n \"12.2(33)SB10\",\n \"12.2(33)SB6\",\n \"12.2(28)SB5\",\n \"12.2(31)SB11\",\n \"12.2(28)SB12\",\n \"12.2(31)SB7\",\n \"12.2(33)SB5\",\n \"12.2(31)SB6\",\n \"12.2(34)SB4e\",\n \"12.2(28)SB1\",\n \"12.2(33)SB8\",\n \"12.2(28)SB6\",\n \"12.2(31)SB17\",\n \"12.2(28)SB8\",\n \"12.2(31)SB13\",\n \"12.2(31)SB9\",\n \"12.2(28)SB4\",\n \"12.2(31)SB16\",\n \"12.2(31)SB12\",\n \"12.2(31)SB20\",\n \"12.2(28)SB7\",\n \"12.2(33)SB2\",\n \"12.2(28)SB9\",\n \"12.2(34)SB5\",\n \"12.2(31)SB8\",\n \"12.2(31)SB3\",\n \"12.2(31)SB18\",\n \"12.2(31)SB2\",\n \"12.2(31)SB14\",\n \"12.2(31)SB19\",\n \"12.2(33)SB\",\n \"12.2(33)SB7\",\n \"12.2(33)SB1\",\n \"12.2(33)SB4\",\n \"12.2(28)SB13\",\n \"12.2(33)SB11\",\n \"12.2(31)SB21\",\n \"12.2(33)SB12\",\n \"12.2(33)SB6c\",\n \"12.2(33)SB13\",\n \"12.2(33)SB8h\",\n \"12.2(33)SB14\",\n \"12.2(33)SB15\",\n \"12.2(33)SB16\",\n \"12.2(33)SB17\",\n \"12.2(33)SB18\",\n \"12.2(33)SRA\",\n \"12.2(33)SRA6\",\n \"12.2(33)SRA7\",\n \"12.2(33)SRA2\",\n \"12.2(33)SRA3\",\n \"12.2(33)SRA1\",\n \"12.2(33)SRA4\",\n \"12.2(33)SRA5\",\n \"12.2(28b)ZV1\",\n \"12.2(28)ZV2\",\n \"12.2(28)ZX\",\n \"12.4(4)XC\",\n \"12.4(4)XC1\",\n \"12.4(4)XC5\",\n \"12.4(4)XC7\",\n \"12.4(4)XC3\",\n \"12.4(4)XC4\",\n \"12.4(4)XC2\",\n \"12.4(4)XC6\",\n \"12.4(4)XD\",\n \"12.4(4)XD4\",\n \"12.4(4)XD10\",\n \"12.4(4)XD12\",\n \"12.4(4)XD2\",\n \"12.4(4)XD8\",\n \"12.4(4)XD11\",\n \"12.4(4)XD1\",\n \"12.4(4)XD5\",\n \"12.4(4)XD7\",\n \"12.4(4)XD9\",\n \"12.4(6)XE\",\n \"12.4(6)XE3\",\n \"12.4(6)XE5\",\n \"12.4(6)XE2\",\n \"12.4(6)XE1\",\n \"12.2(25)SEF1\",\n \"12.2(25)SEF2\",\n \"12.2(25)SEF3\",\n \"12.2(25)SEE\",\n \"12.2(25)SEE1\",\n \"12.2(25)SEE3\",\n \"12.2(25)SEE4\",\n \"12.2(25)SEE2\",\n \"12.2(25)SED\",\n \"12.2(25)SED1\",\n \"12.3(11)YZ1\",\n \"12.3(11)YZ\",\n \"12.3(11)YZ3\",\n \"12.3(11)YZ2\",\n \"12.0(5)XW\",\n \"12.4(11)SW\",\n \"12.4(15)SW6\",\n \"12.4(15)SW\",\n \"12.4(11)SW1\",\n \"12.4(15)SW5\",\n \"12.4(15)SW1\",\n \"12.4(15)SW4\",\n \"12.4(11)SW3\",\n \"12.4(11)SW2\",\n \"12.4(15)SW3\",\n \"12.4(15)SW2\",\n \"12.4(6)SW\",\n \"12.4(15)SW7\",\n \"12.4(15)SW8\",\n \"12.4(15)SW8a\",\n \"12.4(15)SW9\",\n \"12.4(15)SW9a\",\n \"12.4(9)XG\",\n \"12.4(9)XG3\",\n \"12.4(9)XG5\",\n \"12.4(9)XG2\",\n \"12.4(9)XG1\",\n \"12.4(9)XG4\",\n \"12.4(11)XJ\",\n \"12.4(11)XJ3\",\n \"12.4(11)XJ2\",\n \"12.4(11)XJ4\",\n \"12.4(6)XT\",\n \"12.4(6)XT1\",\n \"12.4(6)XT2\",\n \"12.4(6)XP\",\n \"12.4(4)XP\",\n \"12.2(31)SGA\",\n \"12.2(31)SGA3\",\n \"12.2(31)SGA2\",\n \"12.2(31)SGA10\",\n \"12.2(31)SGA5\",\n \"12.2(31)SGA4\",\n \"12.2(31)SGA11\",\n \"12.2(31)SGA6\",\n \"12.2(31)SGA1\",\n \"12.2(31)SGA7\",\n \"12.2(31)SGA8\",\n \"12.2(31)SGA9\",\n \"12.2(28)VZ\",\n \"12.2(18)IXA\",\n \"12.2(18)IXB\",\n \"12.2(18)IXB2\",\n \"12.2(18)IXB1\",\n \"12.2(18)IXC\",\n \"12.2(18)IXC1\",\n \"12.2(18)IXD\",\n \"12.2(18)IXD1\",\n \"12.2(25)SEG\",\n \"12.2(25)SEG5\",\n \"12.2(25)SEG2\",\n \"12.2(25)SEG4\",\n \"12.2(25)SEG1\",\n \"12.2(25)SEG3\",\n \"12.2(25)SEG6\",\n \"12.2(18)ZU\",\n \"12.2(18)ZU1\",\n \"12.2(18)ZU2\",\n \"12.2(18)ZY\",\n \"12.2(18)ZY1\",\n \"12.2(18)ZY2\",\n \"12.2(18)ZY3\",\n \"12.3(8)JEA\",\n \"12.3(8)JEA1\",\n \"12.3(8)JEA4\",\n \"12.3(8)JEA3\",\n \"12.3(8)JEA2\",\n \"12.3(8)VA\",\n \"12.4(3g)JA\",\n \"12.4(25d)JA\",\n \"12.4(21a)JA\",\n \"12.4(18a)JA\",\n \"12.4(13d)JA1a\",\n \"12.4(21a)JA1\",\n \"12.4(16b)JA1\",\n \"12.4(21a)JA2\",\n \"12.4(10b)JA3\",\n \"12.4(21a)JA3\",\n \"12.4(3g)JA3\",\n \"12.4(18a)JA2\",\n \"12.4(25d)JA1\",\n \"12.4(10a)JA\",\n \"12.4(10b)JA1\",\n \"12.4(18a)JA1\",\n \"12.4(18a)JA3\",\n \"12.4(23c)JA\",\n \"12.4(10b)JA5\",\n \"12.4(16b)JA\",\n \"12.4(16b)JA2\",\n \"12.4(10b)JA4\",\n \"12.4(10b)JA1a\",\n \"12.4(10b)JA2\",\n \"12.4(3g)JA1\",\n \"12.4(13d)JA\",\n \"12.4(3g)JA2\",\n \"12.4(23c)JA1\",\n \"12.4(10b)JA\",\n \"12.4(13d)JA1\",\n \"12.4(23c)JA2\",\n \"12.4(23c)JA3\",\n \"12.4(23c)JA4\",\n \"12.4(25d)JA2\",\n \"12.4(21a)JA50\",\n \"12.4(25e)JA\",\n \"12.4(23c)JA5\",\n \"12.4(25e)JA1\",\n \"12.4(23c)JA6\",\n \"12.4(23c)JA7\",\n \"12.4(23c)JA8\",\n \"12.4(23c)JA9\",\n \"12.4(23c)JA10\",\n \"12.4(11)MD\",\n \"12.4(11)MD2\",\n \"12.4(24)MD1\",\n \"12.4(11)MD1\",\n \"12.4(24)MD\",\n \"12.4(11)MD10\",\n \"12.4(15)MD3\",\n \"12.4(22)MD3\",\n \"12.4(24)MD3\",\n \"12.4(15)MD2\",\n \"12.4(11)MD5\",\n \"12.4(24)MD2\",\n \"12.4(11)MD9\",\n \"12.4(22)MD1\",\n \"12.4(15)MD5\",\n \"12.4(15)MD4\",\n \"12.4(22)MD2\",\n \"12.4(11)MD8\",\n \"12.4(11)MD7\",\n \"12.4(24)MD5\",\n \"12.4(15)MD\",\n \"12.4(15)MD1\",\n \"12.4(11)MD6\",\n \"12.4(22)MD\",\n \"12.4(11)MD4\",\n \"12.4(11)MD3\",\n \"12.4(24)MD4\",\n \"12.4(15)MD6\",\n \"12.4(24)MD6\",\n \"12.4(11)MD11\",\n \"12.4(24)MD7\",\n \"12.4(24)MD8\",\n \"12.4(14)XK\",\n \"12.4(11)XV\",\n \"12.4(11)XV2\",\n \"12.4(11)XV1\",\n \"12.4(11)XW\",\n \"12.4(11)XW3\",\n \"12.4(11)XW7\",\n \"12.4(11)XW10\",\n \"12.4(11)XW8\",\n \"12.4(11)XW9\",\n \"12.4(11)XW6\",\n \"12.4(11)XW4\",\n \"12.4(11)XW1\",\n \"12.4(11)XW5\",\n \"12.4(11)XW2\",\n \"12.2(33)SRB\",\n \"12.2(33)SRB4\",\n \"12.2(33)SRB5a\",\n \"12.2(33)SRB3\",\n \"12.2(33)SRB1\",\n \"12.2(33)SRB7\",\n \"12.2(33)SRB6\",\n \"12.2(33)SRB5\",\n \"12.2(33)SRB2\",\n \"12.1(3)XO\",\n \"12.1(3a)XN\",\n \"12.2(29)SVC\",\n \"12.4(3g)JMA2\",\n \"12.4(3g)JMA\",\n \"12.4(3g)JMA1\",\n \"12.3(8)JEB\",\n \"12.3(8)JEB2\",\n \"12.3(8)JEB1\",\n \"12.3(8)JEC2\",\n \"12.3(8)JEC4\",\n \"12.3(8)JEC1\",\n \"12.3(8)JEC3\",\n \"12.3(8)JEC\",\n \"12.2(18)IXE\",\n \"12.2(25)FZ\",\n \"12.4(15)XF\",\n \"12.4(9)XF\",\n \"12.4(11)XF\",\n \"12.3(2)JL\",\n \"12.3(2)JL3\",\n \"12.3(2)JL1\",\n \"12.3(2)JL4\",\n \"12.3(2)JL5\",\n \"12.3(2)JL2\",\n \"12.2(27)SBA3\",\n \"12.2(27)SBB4e\",\n \"12.2(33)SCA2\",\n \"12.2(33)SCA1\",\n \"12.2(33)SCA\",\n \"12.2(33)SRC2\",\n \"12.2(33)SRC\",\n \"12.2(33)SRC3\",\n \"12.2(33)SRC5\",\n \"12.2(33)SRC6\",\n \"12.2(33)SRC4\",\n \"12.2(33)SRC1\",\n \"12.2(29)SVA2\",\n \"12.2(29)SVD\",\n \"12.2(29)SVD0\",\n \"12.2(29)SVD1\",\n \"12.2(33)SXH3a\",\n \"12.2(33)SXH8a\",\n \"12.2(33)SXH3\",\n \"12.2(33)SXH4\",\n \"12.2(33)SXH7\",\n \"12.2(33)SXH4x\",\n \"12.2(33)SXH\",\n \"12.2(33)SXH8\",\n \"12.2(33)SXH2a\",\n \"12.2(33)SXH2\",\n \"12.2(33)SXH1\",\n \"12.2(33)SXH5\",\n \"12.2(33)SXH6\",\n \"12.2(33)SXH8b\",\n \"12.4(15)XQ4\",\n \"12.4(15)XQ1\",\n \"12.4(15)XQ7\",\n \"12.4(15)XQ2a\",\n \"12.4(15)XQ6\",\n \"12.4(15)XQ2\",\n \"12.4(15)XQ\",\n \"12.4(15)XQ3\",\n \"12.4(15)XQ5\",\n \"12.4(15)XQ2b\",\n \"12.4(15)XQ8\",\n \"12.4(15)XY4\",\n \"12.4(15)XY5\",\n \"12.4(15)XY1\",\n \"12.4(15)XY\",\n \"12.4(15)XY2\",\n \"12.4(15)XY3\",\n \"12.4(15)XZ\",\n \"12.4(15)XZ2\",\n \"12.4(15)XZ1\",\n \"12.4(15)XL3\",\n \"12.4(15)XL1\",\n \"12.4(15)XL6\",\n \"12.4(15)XL2\",\n \"12.4(15)XL4\",\n \"12.4(15)XL5\",\n \"12.4(15)XL\",\n \"12.3(8)ZA\",\n \"12.4(15)XM3\",\n \"12.4(15)XM1\",\n \"12.4(15)XM2\",\n \"12.4(15)XM\",\n \"12.4(115)XN\",\n \"12.4(15)XN\",\n \"12.4(22)XR5\",\n \"12.4(22)XR4\",\n \"12.4(15)XR5\",\n \"12.4(15)XR2\",\n \"12.4(22)XR7\",\n \"12.4(15)XR4\",\n \"12.4(15)XR1\",\n \"12.4(15)XR7\",\n \"12.4(22)XR2\",\n \"12.4(15)XR9\",\n \"12.4(15)XR6\",\n \"12.4(15)XR3\",\n \"12.4(15)XR\",\n \"12.4(22)XR6\",\n \"12.4(22)XR10\",\n \"12.4(15)XR8\",\n \"12.4(22)XR1\",\n \"12.4(22)XR9\",\n \"12.4(22)XR3\",\n \"12.4(22)XR8\",\n \"12.4(22)XR11\",\n \"12.4(15)XR10\",\n \"12.4(22)XR12\",\n \"12.4(20)YA3\",\n \"12.4(20)YA2\",\n \"12.4(20)YA\",\n \"12.4(20)YA1\",\n \"12.2(33)IRA\",\n \"12.2(33)IRB\",\n \"12.2(18)IXG\",\n \"12.2(18)IXF\",\n \"12.2(18)IXF1\",\n \"12.2(33)SCB9\",\n \"12.2(33)SCB\",\n \"12.2(33)SCB6\",\n \"12.2(33)SCB3\",\n \"12.2(33)SCB10\",\n \"12.2(33)SCB4\",\n \"12.2(33)SCB2\",\n \"12.2(33)SCB7\",\n \"12.2(33)SCB1\",\n \"12.2(33)SCB5\",\n \"12.2(33)SCB8\",\n \"12.2(33)SCB11\",\n \"12.2(33)SRD7\",\n \"12.2(33)SRD6\",\n \"12.2(33)SRD2a\",\n \"12.2(33r)SRD2\",\n \"12.2(33)SRD4\",\n \"12.2(33)SRD5\",\n \"12.2(33)SRD3\",\n \"12.2(33)SRD2\",\n \"12.2(33)SRD1\",\n \"12.2(33)SRD\",\n \"12.2(33)SRD8\",\n \"12.2(33)STE0\",\n \"12.2(29)SVE0\",\n \"12.2(33)SXI2\",\n \"12.2(33)SXI3\",\n \"12.2(33)SXI5\",\n \"12.2(33)SXI0a\",\n \"12.2(33)SXI4a\",\n \"12.2(33)SXI4\",\n \"12.2(33)SXI2a\",\n \"12.2(33)SXI\",\n \"12.2(33)SXI6\",\n \"12.2(33)SXI7\",\n \"12.2(33)SXI1\",\n \"12.2(33)SXI8\",\n \"12.2(33)SXI9\",\n \"12.2(33)SXI8a\",\n \"12.2(33)SXI10\",\n \"12.2(33)SXI11\",\n \"12.2(33)SXI12\",\n \"12.2(33)SXI13\",\n \"12.2(33)SXI14\",\n \"12.2(52)XO\",\n \"12.2(54)XO\",\n \"12.2(40)XO\",\n \"12.2(46)XO\",\n \"12.2(18)ZYA2\",\n \"12.2(18)ZYA\",\n \"12.2(18)ZYA3a\",\n \"12.2(18)ZYA1\",\n \"12.2(18)ZYA3\",\n \"12.2(18)ZYA3b\",\n \"12.2(18)ZYA3c\",\n \"12.2(18)ZYA3d\",\n \"12.4(10b)JDA3\",\n \"12.4(10b)JDA4\",\n \"12.4(10b)JDA\",\n \"12.4(10b)JDA2\",\n \"12.4(10b)JDA1\",\n \"12.4(3)JL3\",\n \"12.4(3)JL\",\n \"12.4(3)JL2\",\n \"12.4(3)JL1\",\n \"12.4(3)JK4\",\n \"12.4(3)JK1\",\n \"12.4(3)JK\",\n \"12.4(3)JK3\",\n \"12.4(3)JK2\",\n \"12.4(3g)JMB1\",\n \"12.4(3g)JMB\",\n \"12.4(3g)JX\",\n \"12.4(3g)JX2\",\n \"12.4(10b)JX\",\n \"12.4(21a)JX\",\n \"12.4(3g)JX1\",\n \"12.4(25e)JX\",\n \"12.4(10b)JY\",\n \"12.4(21a)JY\",\n \"12.4(23c)JY\",\n \"12.4(23)JY\",\n \"12.2(19)SL\",\n \"12.2(17)SL5\",\n \"12.2(44)SQ3\",\n \"12.2(44)SQ\",\n \"12.2(44)SQ2\",\n \"12.2(50)SQ2\",\n \"12.2(50)SQ1\",\n \"12.2(50)SQ\",\n \"12.2(50)SQ3\",\n \"12.2(50)SQ4\",\n \"12.2(50)SQ5\",\n \"12.2(50)SQ6\",\n \"12.2(50)SQ7\",\n \"12.4(10b)JDC\",\n \"12.4(10b)JDD1\",\n \"12.4(10b)JDD\",\n \"12.4(22)YB5\",\n \"12.4(22)YB\",\n \"12.4(22)YB2\",\n \"12.4(22)YB7\",\n \"12.4(22)YB4\",\n \"12.4(22)YB1\",\n \"12.4(22)YB8\",\n \"12.4(22)YB3\",\n \"12.4(22)YB6\",\n \"12.4(22)YD3\",\n \"12.4(22)YD\",\n \"12.4(22)YD1\",\n \"12.4(22)YD2\",\n \"12.4(22)YD4\",\n \"12.4(22)YE2\",\n \"12.4(22)YE\",\n \"12.4(22)YE3\",\n \"12.4(22)YE4\",\n \"12.4(22)YE1\",\n \"12.4(24)YE2\",\n \"12.4(24)YE\",\n \"12.4(22)YE5\",\n \"12.4(24)YE1\",\n \"12.4(24)YE3\",\n \"12.4(24)YE3a\",\n \"12.4(24)YE4\",\n \"12.4(22)YE6\",\n \"12.4(24)YE5\",\n \"12.4(24)YE3b\",\n \"12.4(24)YE6\",\n \"12.4(24)YE7\",\n \"12.4(24)YE3c\",\n \"12.4(24)YE3d\",\n \"12.4(24)YE3e\",\n \"12.2(33)IRC\",\n \"12.2(33)ZM\",\n \"12.2(18)IXH1\",\n \"12.2(18)IXH\",\n \"12.4(22)MDA3\",\n \"12.4(24)MDA5\",\n \"12.4(22)MDA5\",\n \"12.4(24)MDA3\",\n \"12.4(22)MDA4\",\n \"12.4(24)MDA4\",\n \"12.4(24)MDA1\",\n \"12.4(22)MDA7\",\n \"12.4(22)MDA\",\n \"12.4(22)MDA2\",\n \"12.4(22)MDA1\",\n \"12.4(24)MDA2\",\n \"12.4(22)MDA6\",\n \"12.4(24)MDA6\",\n \"12.4(24)MDA7\",\n \"12.4(24)MDA8\",\n \"12.4(24)MDA10\",\n \"12.4(24)MDA9\",\n \"12.4(24)MDA11\",\n \"12.4(24)MDA12\",\n \"12.4(24)MDA13\",\n \"12.4(22)GC1\",\n \"12.4(24)GC1\",\n \"12.4(24)GC3\",\n \"12.4(24)GC3a\",\n \"12.4(24)GC4\",\n \"12.4(24)GC5\",\n \"12.2(33)SCC\",\n \"12.2(33)SCC2\",\n \"12.2(33)SCC6\",\n \"12.2(33)SCC7\",\n \"12.2(33)SCC5\",\n \"12.2(33)SCC4\",\n \"12.2(33)SCC3\",\n \"12.2(33)SCC1\",\n \"12.2(33)SCD5\",\n \"12.2(33)SCD1\",\n \"12.2(33)SCD7\",\n \"12.2(33)SCD4\",\n \"12.2(33)SCD\",\n \"12.2(33)SCD6\",\n \"12.2(33)SCD3\",\n \"12.2(33)SCD2\",\n \"12.2(33)SCD8\",\n \"12.3(8)JED\",\n \"12.3(8)JED1\",\n \"12.4(24)YG3\",\n \"12.4(24)YG4\",\n \"12.4(24)YG1\",\n \"12.4(24)YG2\",\n \"15.0(1)M1\",\n \"15.0(1)M5\",\n \"15.0(1)M4\",\n \"15.0(1)M3\",\n \"15.0(1)M2\",\n \"15.0(1)M6\",\n \"15.0(1)M\",\n \"15.0(1)M7\",\n \"15.0(1)M5a\",\n \"15.0(1)M11\",\n \"15.0(1)M10\",\n \"15.0(1)M9\",\n \"15.0(1)M8\",\n \"15.0(1r)M13\",\n \"15.0(1r)M15\",\n \"15.0(1r)M1\",\n \"15.0(1r)M3\",\n \"15.0(1r)M6\",\n \"15.0(1)XA2\",\n \"15.0(1)XA4\",\n \"15.0(1)XA1\",\n \"15.0(1)XA3\",\n \"15.0(1)XA\",\n \"15.0(1)XA5\",\n \"15.1(2)T\",\n \"15.1(1)T4\",\n \"15.1(4)T\",\n \"15.1(3)T2\",\n \"15.1(1)T1\",\n \"15.1(2)T0a\",\n \"15.1(3)T3\",\n \"15.1(1)T3\",\n \"15.1(2)T3\",\n \"15.1(2)T4\",\n \"15.1(1)T2\",\n \"15.1(3)T\",\n \"15.1(2)T2a\",\n \"15.1(3)T1\",\n \"15.1(1)T\",\n \"15.1(2)T2\",\n \"15.1(2)T1\",\n \"15.1(2)T5\",\n \"15.1(3)T4\",\n \"15.1(1)T5\",\n \"15.1(1)XB\",\n \"12.2(33)SRE1\",\n \"12.2(33)SRE2\",\n \"12.2(33)SRE3\",\n \"12.2(33)SRE4\",\n \"12.2(33)SRE\",\n \"12.2(33)SRE0a\",\n \"12.2(33)SRE5\",\n \"12.2(33)SRE6\",\n \"12.2(33)SRE8\",\n \"12.2(33)SRE7\",\n \"12.2(33)SRE9\",\n \"12.2(33)SRE7a\",\n \"12.2(33)SRE10\",\n \"12.2(33)SRE11\",\n \"12.2(33)SRE9a\",\n \"12.2(33)SRE12\",\n \"12.2(33)SRE13\",\n \"12.2(33)SRE14\",\n \"15.0(1)XO1\",\n \"15.0(1)XO\",\n \"15.0(2)XO\",\n \"15.0(1)S2\",\n \"15.0(1)S1\",\n \"15.0(1)S\",\n \"15.0(1)S3a\",\n \"15.0(1)S4\",\n \"15.0(1)S5\",\n \"15.0(1)S4a\",\n \"15.0(1)S6\",\n \"15.0(1)S10\",\n \"12.2(33)IRD\",\n \"12.2(33)IRE\",\n \"12.2(33)IRE2\",\n \"12.2(33)IRE1\",\n \"12.2(33)MRA\",\n \"12.2(33)MRA1\",\n \"12.2(33)MRB5\",\n \"12.2(33)MRB2\",\n \"12.2(33)MRB1\",\n \"12.2(33)MRB4\",\n \"12.2(33)MRB\",\n \"12.2(33)MRB3\",\n \"12.2(33)MRB6\",\n \"12.2(33a)SR\",\n \"12.4(21a)JHA\",\n \"12.4(21a)JHA1\",\n \"15.2(3)S\",\n \"15.2(1)S\",\n \"15.2(2)S\",\n \"15.2(1)S1\",\n \"15.2(4)S\",\n \"15.2(1s)S1\",\n \"15.2(1)S2\",\n \"15.2(2)S1\",\n \"15.2(2)S2\",\n \"15.2(2)S0a\",\n \"15.2(2)S0b\",\n \"15.2(2)S0c\",\n \"15.2(4)S1\",\n \"15.2(4)S4\",\n \"15.2(4)S6\",\n \"15.2(4)S2\",\n \"15.2(4)S5\",\n \"15.2(4)S3\",\n \"15.2(4)S0x\",\n \"15.2(4)S0xb\",\n \"15.2(4)S3a\",\n \"15.2(4)S4a\",\n \"15.2(4)S7\",\n \"12.2(18)SXG\",\n \"12.4(10b)JD\",\n \"15.3(1)T\",\n \"15.3(2)T\",\n \"15.3(3)T\",\n \"15.3(1)T1\",\n \"15.3(1)T2\",\n \"15.3(1)T3\",\n \"15.3(1)T4\",\n \"15.3(2)T1\",\n \"15.3(2)T2\",\n \"15.3(2)T3\",\n \"15.3(2)T4\",\n \"12.4(10b)JDE\",\n \"12.4(10b)JDE0\",\n \"12.2(33)XNH\",\n \"15.0(1)EY\",\n \"15.0(1)EY1\",\n \"15.0(1)EY2\",\n \"15.0(2)EY\",\n \"15.0(2)EY1\",\n \"15.0(2)EY2\",\n \"15.0(2)EY3\",\n \"12.4(20)MRB\",\n \"12.4(20)MRB1\",\n \"12.4(20)MRB2\",\n \"15.2(1)T\",\n \"15.2(2)T\",\n \"15.2(3)T\",\n \"15.2(1)T1\",\n \"15.2(1)T3\",\n \"15.2(1)T2\",\n \"15.2(1)T4\",\n \"15.2(2)T1\",\n \"15.2(3)T3\",\n \"15.2(3)T4\",\n \"15.2(3)T1\",\n \"15.2(2)T3\",\n \"15.2(3)T2\",\n \"15.2(2)T2\",\n \"15.2(2)T4\",\n \"15.2(1)T3a\",\n \"12.3(3d)M0\",\n \"12.3(8)JEE\",\n \"12.2(54)WO\",\n \"12.3(14)YV\",\n \"15.1(2)S\",\n \"15.1(1)S\",\n \"15.1(1)S1\",\n \"15.1(3)S\",\n \"15.1(1)S2\",\n \"15.1(2)S1\",\n \"15.1(2)S2\",\n \"15.1(3)S1\",\n \"15.1(3)S0a\",\n \"15.1(3)S2\",\n \"15.1(3)S4\",\n \"15.1(3)S3\",\n \"15.1(3)S5\",\n \"15.1(3)S6\",\n \"15.1(3)S5a\",\n \"12.3(8)EU\",\n \"12.4(22)MF\",\n \"15.1(4)M3\",\n \"15.1(4)M\",\n \"15.1(4)M1\",\n \"15.1(4)M2\",\n \"15.1(4)M6\",\n \"15.1(4)M5\",\n \"15.1(4)M4\",\n \"15.1(4)M7\",\n \"15.1(4)M3a\",\n \"15.1(4)M10\",\n \"15.1(4)M8\",\n \"15.1(4)M9\",\n \"12.2(33)IRF\",\n \"12.4(3g)JMC1\",\n \"12.4(3g)JMC\",\n \"12.4(3g)JMC2\",\n \"15.0(1)SE\",\n \"15.0(2)SE\",\n \"15.0(1)SE1\",\n \"15.0(1)SE2\",\n \"15.0(1)SE3\",\n \"15.0(2)SE1\",\n \"15.0(2)SE2\",\n \"15.0(2)SE3\",\n \"15.0(2)SE4\",\n \"15.0(2)SE5\",\n \"15.0(2)SE6\",\n \"15.0(2)SE7\",\n \"15.0(2)SE8\",\n \"15.1(2)GC\",\n \"15.1(2)GC1\",\n \"15.1(2)GC2\",\n \"15.1(4)GC\",\n \"15.1(4)GC1\",\n \"15.1(4)GC2\",\n \"15.0(1)SY\",\n \"15.0(1)SY0\",\n \"15.0(1)SY1\",\n \"15.0(1)SY2\",\n \"15.0(1)SY3\",\n \"15.0(1)SY4\",\n \"15.0(1)SY5\",\n \"15.0(1)SY6\",\n \"15.0(1)SY7\",\n \"15.0(1)SY8\",\n \"15.0(1)SY7a\",\n \"15.0(1)SY9\",\n \"15.0(1)SY10\",\n \"12.2(33)SXJ\",\n \"12.2(33)SXJ1\",\n \"12.2(33)SXJ2\",\n \"12.2(33)SXJ3\",\n \"12.2(33)SXJ4\",\n \"12.2(33)SXJ5\",\n \"12.2(33)SXJ6\",\n \"12.2(33)SXJ7\",\n \"12.2(33)SXJ8\",\n \"12.2(33)SXJ9\",\n \"12.2(33)SXJ10\",\n \"12.4(22)MX\",\n \"15.1(1)SG\",\n \"15.1(2)SG\",\n \"15.1(1)SG1\",\n \"15.1(1)SG2\",\n \"15.1(2)SG1\",\n \"15.1(2)SG2\",\n \"15.1(2)SG3\",\n \"15.1(2)SG4\",\n \"15.1(2)SG5\",\n \"12.1(5)YG\",\n \"15.0(1)MR\",\n \"15.0(1)MR1\",\n \"15.0(2)MR\",\n \"12.3(14)ZC\",\n \"12.4(23c)JZ\",\n \"12.2(33)SCF\",\n \"12.2(33)SCF1\",\n \"12.2(33)SCF2\",\n \"12.2(33)SCF3\",\n \"12.2(33)SCF4\",\n \"12.2(33)SCF5\",\n \"15.2(4)M\",\n \"15.2(4)M0a\",\n \"15.2(4)M1\",\n \"15.2(4)M2\",\n \"15.2(4)M4\",\n \"15.2(4)M3\",\n \"15.2(4)M5\",\n \"15.2(4)M8\",\n \"15.2(4)M7\",\n \"15.2(4)M6\",\n \"15.2(4)M6a\",\n \"12.2(33)SCE\",\n \"12.2(33)SCE1\",\n \"12.2(33)SCE2\",\n \"12.2(33)SCE3\",\n \"12.2(33)SCE4\",\n \"12.2(33)SCE5\",\n \"12.2(33)SCE6\",\n \"15.0(2)SG\",\n \"15.0(2)SG1\",\n \"15.0(2)SG2\",\n \"15.0(2)SG3\",\n \"15.0(2)SG4\",\n \"15.0(2)SG5\",\n \"15.0(2)SG6\",\n \"15.0(2)SG7\",\n \"15.0(2)SG8\",\n \"15.0(2)SG9\",\n \"15.0(2)SG10\",\n \"15.0(2)SG11\",\n \"12.4(24)MDB\",\n \"12.4(24)MDB1\",\n \"12.4(24)MDB2\",\n \"12.4(24)MDB3\",\n \"12.4(24)MDB4\",\n \"12.4(24)MDB5\",\n \"12.4(24)MDB6\",\n \"12.4(24)MDB7\",\n \"12.4(24)MDB5a\",\n \"12.4(24)MDB5b\",\n \"12.4(24)MDB8\",\n \"12.4(24)MDB9\",\n \"12.4(24)MDB10\",\n \"12.4(24)MDB11\",\n \"12.4(24)MDB12\",\n \"12.4(24)MDB13\",\n \"12.4(24)MDB14\",\n \"12.4(24)MDB15\",\n \"12.4(24)MDB16\",\n \"12.4(24)MDB17\",\n \"12.4(24)MDB18\",\n \"12.4(24)MDB19\",\n \"12.2(33)IRG\",\n \"12.2(33)IRG1\",\n \"12.4(21a)JHC\",\n \"15.1(1)MR\",\n \"15.1(1)MR1\",\n \"15.1(1)MR2\",\n \"15.1(1)MR3\",\n \"15.1(3)MR\",\n \"15.1(1)MR4\",\n \"15.1(3)MR1\",\n \"15.0(1)EX\",\n \"15.0(2)EX\",\n \"15.0(2)EX1\",\n \"15.0(2)EX2\",\n \"15.0(2)EX3\",\n \"15.0(2)EX4\",\n \"15.0(2)EX5\",\n \"15.0(2)EX8\",\n \"15.0(2a)EX5\",\n \"15.0(2)EX10\",\n \"15.2(1)GC\",\n \"15.2(1)GC1\",\n \"15.2(1)GC2\",\n \"15.2(2)GC\",\n \"15.2(3)GC\",\n \"15.2(3)GC1\",\n \"15.2(4)GC\",\n \"15.2(4)GC1\",\n \"15.2(4)GC2\",\n \"15.2(4)GC3\",\n \"15.1(2)EY\",\n \"15.1(2)EY1a\",\n \"15.1(2)EY2\",\n \"15.1(2)EY3\",\n \"15.1(2)EY2a\",\n \"15.1(2)EY4\",\n \"12.4(25)JAX\",\n \"12.4(25d)JAX\",\n \"12.4(25d)JAX1\",\n \"12.4(25e)JAX\",\n \"12.4(25e)JAX1\",\n \"12.4(25e)JAX2\",\n \"12.2(33)SCG\",\n \"12.2(33)SCG1\",\n \"12.2(33)SCG2\",\n \"12.2(33)SCG3\",\n \"12.2(33)SCG4\",\n \"12.2(33)SCG5\",\n \"12.2(33)SCG6\",\n \"12.2(33)SCG7\",\n \"15.1(2)MWR\",\n \"15.1(2)SNG\",\n \"15.1(2)SNG1\",\n \"12.4(24)MDC\",\n \"12.4(24)MDC1\",\n \"12.2(33)IRH\",\n \"12.2(33)IRH1\",\n \"15.1(1)SY\",\n \"15.1(1)SY1\",\n \"15.1(2)SY\",\n \"15.1(2)SY1\",\n \"15.1(2)SY2\",\n \"15.1(1)SY2\",\n \"15.1(1)SY3\",\n \"15.1(2)SY3\",\n \"15.1(1)SY4\",\n \"15.1(2)SY4\",\n \"15.1(1)SY5\",\n \"15.1(2)SY5\",\n \"15.1(2)SY4a\",\n \"15.1(1)SY6\",\n \"15.3(1)S\",\n \"15.3(2)S\",\n \"15.3(3)S\",\n \"15.3(1)S2\",\n \"15.3(1)S1\",\n \"15.3(2)S0a\",\n \"15.3(2)S2\",\n \"15.3(2)S1\",\n \"15.3(3)S1\",\n \"15.3(3)S2\",\n \"15.3(3)S3\",\n \"15.3(3)S6\",\n \"15.3(3)S0b\",\n \"15.3(3)S4\",\n \"15.3(3)S1a\",\n \"15.3(3)S5\",\n \"15.3(3)S7\",\n \"15.1(2)SNH\",\n \"15.2(1)SB2\",\n \"15.1(2)SNI\",\n \"15.1(2)SNI1\",\n \"15.2(2)SNG\",\n \"15.1(3)SVA\",\n \"15.4(1)T\",\n \"15.4(2)T\",\n \"15.4(1)T2\",\n \"15.4(1)T1\",\n \"15.4(1)T3\",\n \"15.4(2)T1\",\n \"15.4(2)T3\",\n \"15.4(2)T2\",\n \"15.4(1)T4\",\n \"15.4(2)T4\",\n \"12.4(25e)JAZ\",\n \"12.4(25d)JB1\",\n \"12.2(33)SCH\",\n \"12.2(33)SCH1\",\n \"12.2(33)SCH2\",\n \"12.2(33)SCH0a\",\n \"12.2(33)SCH3\",\n \"12.2(33)SCH2a\",\n \"12.2(33)SCH4\",\n \"12.2(33)SCH5\",\n \"12.2(33)SCH6\",\n \"12.4(25e)JAL\",\n \"12.4(25e)JAL1\",\n \"12.4(25e)JAL2\",\n \"12.4(25e)JAL1a\",\n \"12.4(25e)JAM1\",\n \"12.4(25e)JAN1\",\n \"12.4(25e)JAN2\",\n \"15.2(2)JA\",\n \"15.2(2a)JA\",\n \"15.2(2)JA1\",\n \"15.2(4)JA\",\n \"15.2(4)JA1\",\n \"15.0(2)EC\",\n \"15.0(2)EB\",\n \"15.2(1)E\",\n \"15.2(2)E\",\n \"15.2(1)E1\",\n \"15.2(3)E\",\n \"15.2(1)E2\",\n \"15.2(1)E3\",\n \"15.2(2)E1\",\n \"15.2(3)E1\",\n \"15.2(2)E2\",\n \"15.2(2a)E1\",\n \"15.2(2a)E2\",\n \"15.2(3)E2\",\n \"15.2(3a)E\",\n \"15.2(3m)E2\",\n \"15.2(3m)E3\",\n \"15.0(1)EW\",\n \"15.0(2)EW\",\n \"15.0(3)EW\",\n \"15.0(4)EW\",\n \"15.0(5)EW\",\n \"15.0(6)EW\",\n \"15.0(7)EW\",\n \"15.0(8)EW\",\n \"15.1(3)MRA\",\n \"15.1(3)MRA1\",\n \"15.1(3)MRA2\",\n \"15.1(3)MRA3\",\n \"15.1(3)MRA4\",\n \"15.2(2)SNH1\",\n \"15.1(3)SVB\",\n \"15.1(3)SVB1\",\n \"15.0(2)ED\",\n \"15.0(2)ED1\",\n \"15.2(4)JB\",\n \"15.2(4)JB1\",\n \"15.2(4)JB2\",\n \"15.2(4)JB3\",\n \"15.2(4)JB3a\",\n \"15.2(4)JB4\",\n \"15.2(4)JB3h\",\n \"15.2(4)JB3b\",\n \"15.2(4)JB3s\",\n \"15.2(4)JB5h\",\n \"15.2(4)JB5\",\n \"15.2(4)JB5m\",\n \"15.2(4)JB6\",\n \"15.2(4)JB7\",\n \"15.4(1)S\",\n \"15.4(2)S\",\n \"15.4(3)S\",\n \"15.4(1)S1\",\n \"15.4(1)S2\",\n \"15.4(2)S1\",\n \"15.4(1)S3\",\n \"15.4(3)S1\",\n \"15.4(2)S2\",\n \"15.4(3)S2\",\n \"15.4(3)S3\",\n \"15.4(1)S4\",\n \"15.4(2)S3\",\n \"15.4(2)S4\",\n \"15.2(2)JAX\",\n \"15.2(2)JAX1\",\n \"15.3(3)M\",\n \"15.3(3)M1\",\n \"15.3(3)M2\",\n \"15.3(3)M3\",\n \"15.3(3)M5\",\n \"15.3(3)M4\",\n \"15.3(3)M6\",\n \"15.3(3)M7\",\n \"15.2(2)SNI\",\n \"15.1(3)SVC\",\n \"15.2(2)JN\",\n \"15.2(2)JN1\",\n \"15.2(2)JN2\",\n \"15.2(4)JN\",\n \"15.2(3r)GCA\",\n \"15.0(2)EZ\",\n \"15.2(1)SC1\",\n \"15.2(1)SC\",\n \"15.0(2)EF\",\n \"15.0(2)EG\",\n \"15.1(3)SVD\",\n \"15.1(3)SVD1\",\n \"15.1(3)SVD2\",\n \"15.2(1)EY\",\n \"15.0(2)EJ\",\n \"15.0(2)EJ1\",\n \"15.0(2)EH\",\n \"15.2(1)EZ\",\n \"15.2(1)SY\",\n \"15.2(1)SY1\",\n \"15.2(1)SY0a\",\n \"15.2(1)SY1a\",\n \"15.1(3)SVF\",\n \"15.1(3)SVF1\",\n \"15.1(3)SVF4a\",\n \"15.1(3)SVE\",\n \"15.4(3)M\",\n \"15.4(3)M1\",\n \"15.4(3)M2\",\n \"15.4(3)M3\",\n \"12.4(25e)JAO\",\n \"12.4(25e)JAO1\",\n \"12.4(25e)JAO2\",\n \"12.4(25e)JAO3\",\n \"12.4(25e)JAO4\",\n \"12.4(25e)JAO3a\",\n \"12.4(25e)JAO5\",\n \"12.4(25e)JAO6\",\n \"15.0(2)EK\",\n \"15.0(2)EK1\",\n \"15.4(1)CG\",\n \"15.4(1)CG1\",\n \"15.4(2)CG\",\n \"15.5(1)S\",\n \"15.5(2)S\",\n \"15.5(1)S1\",\n \"15.5(1)S2\",\n \"15.5(2)S1\",\n \"15.2(2)EB\",\n \"15.2(2)EB1\",\n \"15.2(2)EB2\",\n \"15.5(1)T\",\n \"15.5(1)T1\",\n \"15.5(2)T\",\n \"15.5(1)T2\",\n \"15.5(2)T1\",\n \"15.2(2)EA1\",\n \"15.2(2)EA2\",\n \"15.2(3)EA\",\n \"15.3(3)JN3\",\n \"15.3(3)JN4\",\n \"15.3(3)JN7\",\n \"15.3(3)JN8\",\n \"12.2(33)SCI\",\n \"12.2(33)SCI1\",\n \"12.2(33)SCI1a\",\n \"12.2(33)SCI2\",\n \"12.2(33)SCI3\",\n \"12.2(33)SCI2a\",\n \"12.4(25e)JAP\",\n \"12.4(25e)JAP100\",\n \"12.4(25e)JAP1\",\n \"12.4(25e)JAP1m\",\n \"12.4(25e)JAP2\",\n \"12.4(25e)JAP26\",\n \"12.4(25e)JAP4\",\n \"12.4(25e)JAP5\",\n \"12.4(25e)JAP6\",\n \"12.4(25e)JAP1n\",\n \"12.4(25e)JAP7\",\n \"12.4(25e)JAP8\",\n \"12.4(25e)JAP9\",\n \"12.4(25e)JAP10\",\n \"12.4(25e)JAP11\",\n \"12.4(25e)JAP12\",\n \"12.4(25e)JAP13\",\n \"15.3(3)JA50\",\n \"15.3(3)JA\",\n \"15.3(3)JA1n\",\n \"15.3(3)JA1m\",\n \"15.3(3)JA1\",\n \"15.3(3)JA4\",\n \"15.3(3)JA5\",\n \"15.3(3)JA77\",\n \"15.3(3)JA6\",\n \"15.3(3)JA7\",\n \"15.3(3)JA8\",\n \"15.3(3)JA9\",\n \"15.3(3)JAA\",\n \"15.3(3)JAB\",\n \"15.3(3)JB\",\n \"15.3(3)JB75\",\n \"15.0(2)SQD\",\n \"15.0(2)SQD1\",\n \"15.0(2)SQD2\",\n \"15.0(2)SQD3\",\n \"15.0(2)SQD4\",\n \"15.0(2)SQD5\",\n \"15.0(2)SQD6\",\n \"15.0(2)SQD7\",\n \"15.3(3)JNB\",\n \"15.3(3)JNB1\",\n \"15.3(3)JNB2\",\n \"15.3(3)JNB3\",\n \"15.3(3)JAX\",\n \"15.3(3)JAX1\",\n \"15.3(3)JAX2\",\n \"15.3(3)JBB\",\n \"15.3(3)JBB1\",\n \"15.3(3)JBB50\",\n \"15.3(3)JBB2\",\n \"15.3(3)JBB4\",\n \"15.3(3)JBB5\",\n \"15.3(3)JBB6\",\n \"15.3(3)JBB8\",\n \"15.3(3)JBB6a\",\n \"15.3(3)JC\",\n \"15.3(3)JNC\",\n \"15.3(3)JNC1\",\n \"12.2(33)SCJ\",\n \"12.2(33)SCJ1a\",\n \"12.2(33)SCJ2\",\n \"12.2(33)SCJ2a\",\n \"12.2(33)SCJ2b\",\n \"12.2(33)SCJ2c\",\n \"12.2(33)SCJ3\",\n \"12.2(33)SCJ4\",\n \"15.3(3)JNP\",\n \"15.3(3)JNP1\",\n \"15.3(3)JE1\",\n \"15.3(3)JDA\"\n);\n\nworkarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);\nworkaround_params = make_list();\n\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'version' , product_info['version'],\n 'bug_id' , \"CSCut77619\"\n);\n\ncisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "message authentication code implementation is invalid and can be bypasses.", "modified": "2015-04-08T00:00:00", "published": "2015-04-08T00:00:00", "id": "SECURITYVULNS:VULN:14360", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14360", "title": "ntpd restrictions bypass", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n=============================================================================\r\nFreeBSD-SA-15:07.ntp Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: Multiple vulnerabilities of ntp\r\n\r\nCategory: contrib\r\nModule: ntp\r\nAnnounced: 2015-04-07\r\nCredits: Network Time Foundation\r\nAffects: All supported versions of FreeBSD.\r\nCorrected: 2015-04-07 20:20:24 UTC &#40;stable/10, 10.1-STABLE&#41;\r\n 2015-04-07 20:21:01 UTC &#40;releng/10.1, 10.1-RELEASE-p9&#41;\r\n 2015-04-07 20:20:44 UTC &#40;stable/9, 9.3-STABLE&#41;\r\n 2015-04-07 20:21:23 UTC &#40;releng/9.3, 9.3-RELEASE-p13&#41;\r\n 2015-04-07 20:20:44 UTC &#40;stable/8, 8.4-STABLE&#41;\r\n 2015-04-07 20:21:23 UTC &#40;releng/8.4, 8.4-RELEASE-p27&#41;\r\nCVE Name: CVE-2014-9297, CVE-2015-1798, CVE-2015-1799\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit &lt;URL:https://security.FreeBSD.org/&gt;.\r\n\r\nI. Background\r\n\r\nThe ntpd&#40;8&#41; daemon is an implementation of the Network Time Protocol &#40;NTP&#41;\r\nused to synchronize the time of a computer system to a reference time\r\nsource.\r\n\r\nII. Problem Description\r\n\r\nThe vallen packet value is not validated in several code paths in\r\nntp_crypto.c. [CVE-2014-9297]\r\n\r\nWhen ntpd&#40;8&#41; is configured to use a symmetric key to authenticate a remote\r\nNTP server/peer, it checks if the NTP message authentication code &#40;MAC&#41;\r\nin received packets is valid, but not that there actually is any MAC\r\nincluded, and packets without a MAC are accepted as if they had a valid\r\nMAC. [CVE-2015-1798]\r\n\r\nNTP state variables are updated prior to validating the received packets.\r\n[CVE-2015-1799]\r\n\r\nIII. Impact\r\n\r\nA remote attacker who can send specifically crafted packets may be able\r\nto reveal memory contents of ntpd&#40;8&#41; or cause it to crash, when ntpd&#40;8&#41;\r\nis configured to use autokey. [CVE-2014-9297]\r\n\r\nA man-in-the-middle &#40;MITM&#41; attacker can send specially forged packets\r\nthat would be accepted by the client/peer without having to know the\r\nsymmetric key. [CVE-2015-1798]\r\n\r\nAn attacker knowing that NTP hosts A and B are peering with each other\r\n&#40;symmetric association&#41; can periodically send a specially crafted or\r\nreplayed packet which will break the synchronization between the two\r\npeers due to transmit timestamp mismatch, preventing the two nodes from\r\nsynchronizing with each other, even when authentication is enabled.\r\n[CVE-2015-1799]\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available, but systems not running ntpd&#40;8&#41; are not\r\naffected.\r\n\r\nV. Solution\r\n\r\nPerform one of the following:\r\n\r\n1&#41; Upgrade your vulnerable system to a supported FreeBSD stable or\r\nrelease / security branch &#40;releng&#41; dated after the correction date.\r\n\r\n2&#41; To update your vulnerable system via a binary patch:\r\n\r\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\r\nplatforms can be updated via the freebsd-update&#40;8&#41; utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\n3&#41; To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to the applicable\r\nFreeBSD release branches.\r\n\r\na&#41; Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch.asc\r\n# gpg --verify ntp.patch.asc\r\n\r\nb&#41; Apply the patch. Execute the following commands as root:\r\n\r\n# cd /usr/src\r\n# patch &lt; /path/to/patch\r\n\r\nc&#41; Recompile the operating system using buildworld and installworld as\r\ndescribed in &lt;URL:https://www.FreeBSD.org/handbook/makeworld.html&gt;.\r\n\r\nRestart the applicable daemons, or reboot the system.\r\n\r\nVI. Correction details\r\n\r\nThe following list contains the correction revision numbers for each\r\naffected branch.\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/8/ r281231\r\nreleng/8.4/ r281233\r\nstable/9/ r281231\r\nreleng/9.3/ r281233\r\nstable/10/ r281230\r\nreleng/10.1/ r281232\r\n- -------------------------------------------------------------------------\r\n\r\nTo see which files were modified by a particular revision, run the\r\nfollowing command, replacing NNNNNN with the revision number, on a\r\nmachine with Subversion installed:\r\n\r\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\r\n\r\nOr visit the following URL, replacing NNNNNN with the revision number:\r\n\r\n&lt;URL:https://svnweb.freebsd.org/base?view=revision&amp;revision=NNNNNN&gt;\r\n\r\nVII. References\r\n\r\n&lt;URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297&gt;\r\n\r\n&lt;URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798&gt;\r\n\r\n&lt;URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799&gt;\r\n\r\nThe latest revision of this advisory is available at\r\n&lt;URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:07.ntp.asc&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.1.2 &#40;FreeBSD&#41;\r\n\r\niQIcBAEBCgAGBQJVJD4CAAoJEO1n7NZdz2rn4doQAKwA67MgX6jiCS4dm1roREi+\r\nG1moTCtqO8LXzH3nOOOk6R/MqFGOs6Jq8D+K/YmdD+4l3c/qCNR0qtv0YcVL0kE+\r\n+xfaIYoGxTzlPjEfpWtceCM0wcAThaF8085hi0IAzG7ozhKPt+Inv33ISgos5c7h\r\nzYcbTqBYgQqcJGWdftnYpZ1Nxvoa3wiOlxsOMa4qnNeUakeXcGLZ+1XB5pLjXMZF\r\ndHfKhMS6KxcUdHoPgOj468D3bQE05puLk13Kjy+Ti38GhcgMROAsMZVOzgno3J7g\r\nD7Hk4dR1dms+6xcSJ0BV4ej0ZfypGv0xiFmUiTk/p7AVbnqrChyjvGca+8reu+Gc\r\nKs/67oZjP5rc0glvRFgjJBmQV/xK2rUK805e4eAm8qBecRjDv6M3mUmPdw5BlgcA\r\n7fcj4VdGkOzLB0Vj7uJFjf3p9cyT+x8yvMtknxehiYmrYnFDsM5d7lcv0+KnRzb2\r\n3bt6maO40wqWIcLErFthcT/nLP+wi35aykNIbGh7PXvqL92gWX+h/xB6YY9Ouo4N\r\nhb32W/F5O50MjL6BeY+k5J6usoFrk0EHWK+2Fxm2/AA/5K/JnryWN44F8PVPNzxE\r\nf+Vb6CzxBvmflpa/29tF/wSD0oU78AhuShtVrnEVT5ZWJj+/PHBZtcLk2Z+s5hgd\r\nhKFvV5Xqix0/U//+yGhj\r\n=1fHm\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-04-08T00:00:00", "published": "2015-04-08T00:00:00", "id": "SECURITYVULNS:DOC:31887", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31887", "title": "FreeBSD Security Advisory FreeBSD-SA-15:07.ntp", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\r\n2015-005\r\n\r\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\r\nand address the following:\r\n\r\nAdmin Framework\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A process may gain admin privileges without proper\r\nauthentication\r\nDescription: An issue existed when checking XPC entitlements. This\r\nissue was addressed through improved entitlement checking.\r\nCVE-ID\r\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\r\n\r\nAdmin Framework\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A non-admin user may obtain admin rights\r\nDescription: An issue existed in the handling of user\r\nauthentication. This issue was addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\r\n\r\nAdmin Framework\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker may abuse Directory Utility to gain root\r\nprivileges\r\nDescription: Directory Utility was able to be moved and modified to\r\nachieve code execution within an entitled process. This issue was\r\naddressed by limiting the disk location that writeconfig clients may\r\nbe executed from.\r\nCVE-ID\r\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\r\n\r\nafpserver\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the AFP server.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3674 : Dean Jerkovich of NCC Group\r\n\r\napache\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker may be able to access directories that are\r\nprotected with HTTP authentication without knowing the correct\r\ncredentials\r\nDescription: The default Apache configuration did not include\r\nmod_hfs_apple. If Apache was manually enabled and the configuration\r\nwas not changed, some files that should not be accessible might have\r\nbeen accessible using a specially crafted URL. This issue was\r\naddressed by enabling mod_hfs_apple.\r\nCVE-ID\r\nCVE-2015-3675 : Apple\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple vulnerabilities exist in PHP, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.24 and 5.4.40. These were addressed by updating PHP to\r\nversions 5.5.24 and 5.4.40.\r\nCVE-ID\r\nCVE-2015-0235\r\nCVE-2015-0273\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-3676 : Chen Liang of KEEN Team\r\n\r\nAppleFSCompression\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in LZVN compression that could have\r\nled to the disclosure of kernel memory content. This issue was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3677 : an anonymous researcher working with HP&#39;s Zero Day\r\nInitiative\r\n\r\nAppleThunderboltEDMService\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the handling of\r\ncertain Thunderbolt commands from local processes. This issue was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3678 : Apple\r\n\r\nATS\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in handling\r\nof certain fonts. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3679 : Pawel Wylecial working with HP&#39;s Zero Day Initiative\r\nCVE-2015-3680 : Pawel Wylecial working with HP&#39;s Zero Day Initiative\r\nCVE-2015-3681 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\nCVE-2015-3682 : Nuode Wei\r\n\r\nBluetooth\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the Bluetooth HCI\r\ninterface. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept network traffic\r\nDescription: An intermediate certificate was incorrectly issued by\r\nthe certificate authority CNNIC. This issue was addressed through the\r\naddition of a mechanism to trust only a subset of certificates issued\r\nprior to the mis-issuance of the intermediate. Further details are\r\navailable at https://support.apple.com/en-us/HT204938\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork HTTPAuthentication\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Following a maliciously crafted URL may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in handling of\r\ncertain URL credentials. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3684 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted text file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of text files. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1157\r\nCVE-2015-3685 : Apple\r\nCVE-2015-3686 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\nCVE-2015-3687 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\nCVE-2015-3688 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\nCVE-2015-3689 : Apple\r\n\r\ncoreTLS\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker with a privileged network position may intercept\r\nSSL/TLS connections\r\nDescription: coreTLS accepted short ephemeral Diffie-Hellman &#40;DH&#41;\r\nkeys, as used in export-strength ephemeral DH cipher suites. This\r\nissue, also known as Logjam, allowed an attacker with a privileged\r\nnetwork position to downgrade security to 512-bit DH if the server\r\nsupported an export-strength ephemeral DH cipher suite. The issue was\r\naddressed by increasing the default minimum size allowed for DH\r\nephemeral keys to 768 bits.\r\nCVE-ID\r\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\r\n\r\nDiskImages\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An information disclosure issue existed in the\r\nprocessing of disk images. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2015-3690 : Peter Rutenbar working with HP&#39;s Zero Day Initiative\r\n\r\nDisplay Drivers\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the Monitor Control Command Set\r\nkernel extension by which a userland process could control the value\r\nof a function pointer within the kernel. The issue was addressed by\r\nremoving the affected interface.\r\nCVE-ID\r\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nEFI\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application with root privileges may be able to\r\nmodify EFI flash memory\r\nDescription: An insufficient locking issue existed with EFI flash\r\nwhen resuming from sleep states. This issue was addressed through\r\nimproved locking.\r\nCVE-ID\r\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\r\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\r\n\r\nEFI\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may induce memory corruption to\r\nescalate privileges\r\nDescription: A disturbance error, also known as Rowhammer, exists\r\nwith some DDR3 RAM that could have led to memory corruption. This\r\nissue was mitigated by increasing memory refresh rates.\r\nCVE-ID\r\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\r\nfrom original research by Yoongu Kim et al &#40;2014&#41;\r\n\r\nFontParser\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3694 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\nGraphics Driver\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An out of bounds write issue existed in NVIDIA graphics\r\ndriver. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-3712 : Ian Beer of Google Project Zero\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple buffer overflow issues exist in the Intel graphics\r\ndriver, the most serious of which may lead to arbitrary code\r\nexecution with system privileges\r\nDescription: Multiple buffer overflow issues existed in the Intel\r\ngraphics driver. These were addressed through additional bounds\r\nchecks.\r\nCVE-ID\r\nCVE-2015-3695 : Ian Beer of Google Project Zero\r\nCVE-2015-3696 : Ian Beer of Google Project Zero\r\nCVE-2015-3697 : Ian Beer of Google Project Zero\r\nCVE-2015-3698 : Ian Beer of Google Project Zero\r\nCVE-2015-3699 : Ian Beer of Google Project Zero\r\nCVE-2015-3700 : Ian Beer of Google Project Zero\r\nCVE-2015-3701 : Ian Beer of Google Project Zero\r\nCVE-2015-3702 : KEEN Team\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple vulnerabilities existed in libtiff, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libtiff versions\r\nprior to 4.0.4. They were addressed by updating libtiff to version\r\n4.0.4.\r\nCVE-ID\r\nCVE-2014-8127\r\nCVE-2014-8128\r\nCVE-2014-8129\r\nCVE-2014-8130\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted .tiff file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\n.tiff files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3703 : Apple\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Several issues existed in how Install.framework&#39;s\r\n&#39;runner&#39; setuid binary dropped privileges. This was addressed by\r\nproperly dropping privileges.\r\nCVE-ID\r\nCVE-2015-3704 : Ian Beer of Google Project Zero\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple memory corruption issues existed in\r\nIOAcceleratorFamily. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3705 : KEEN Team\r\nCVE-2015-3706 : KEEN Team\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple null pointer dereference issues existed in the\r\nFireWire driver. These issues were addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue existed in the handling of\r\nAPIs related to kernel extensions which could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed through\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3720 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue existed in the handling of\r\nHFS parameters which could have led to the disclosure of kernel\r\nmemory layout. This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-3721 : Ian Beer of Google Project Zero\r\n\r\nkext tools\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: kextd followed symbolic links while creating a new\r\nfile. This issue was addressed through improved handling of symbolic\r\nlinks.\r\nCVE-ID\r\nCVE-2015-3708 : Ian Beer of Google Project Zero\r\n\r\nkext tools\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A local user may be able to load unsigned kernel extensions\r\nDescription: A time-of-check time-of-use &#40;TOCTOU&#41; race condition\r\ncondition existed while validating the paths of kernel extensions.\r\nThis issue was addressed through improved checks to validate the path\r\nof the kernel extensions.\r\nCVE-ID\r\nCVE-2015-3709 : Ian Beer of Google Project Zero\r\n\r\nMail\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A maliciously crafted email can replace the message content\r\nwith an arbitrary webpage when the message is viewed\r\nDescription: An issue existed in the support for HTML email which\r\nallowed message content to be refreshed with an arbitrary webpage.\r\nThe issue was addressed through restricted support for HTML content.\r\nCVE-ID\r\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\r\n\r\nntfs\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in NTFS that could have led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-3711 : Peter Rutenbar working with HP&#39;s Zero Day Initiative\r\n\r\nntp\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: An attacker in a privileged position may be able to perform\r\na denial of service attack against two ntp clients\r\nDescription: Multiple issues existed in the authentication of ntp\r\npackets being received by configured end-points. These issues were\r\naddressed through improved connection state management.\r\nCVE-ID\r\nCVE-2015-1798\r\nCVE-2015-1799\r\n\r\nOpenSSL\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Multiple issues exist in OpenSSL, including one that may\r\nallow an attacker to intercept connections to a server that supports\r\nexport-grade ciphers\r\nDescription: Multiple issues existed in OpenSSL 0.9.8zd which were\r\naddressed by updating OpenSSL to version 0.9.8zf.\r\nCVE-ID\r\nCVE-2015-0209\r\nCVE-2015-0286\r\nCVE-2015-0287\r\nCVE-2015-0288\r\nCVE-2015-0289\r\nCVE-2015-0293\r\n\r\nQuickTime\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3661 : G. Geshev working with HP&#39;s Zero Day Initiative\r\nCVE-2015-3662 : kdot working with HP&#39;s Zero Day Initiative\r\nCVE-2015-3663 : kdot working with HP&#39;s Zero Day Initiative\r\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP&#39;s Zero\r\nDay Initiative\r\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\r\nLu of Fortinet&#39;s FortiGuard Labs, Ryan Pentney, and Richard Johnson\r\nof Cisco Talos and Kai Lu of Fortinet&#39;s FortiGuard Labs\r\nCVE-2015-3668 : Kai Lu of Fortinet&#39;s FortiGuard Labs\r\nCVE-2015-3713 : Apple\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may cause an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: An integer overflow existed in the Security framework\r\ncode for parsing S/MIME e-mail and some other signed or encrypted\r\nobjects. This issue was addressed through improved validity checking.\r\nCVE-ID\r\nCVE-2013-1741\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Tampered applications may not be prevented from launching\r\nDescription: Apps using custom resource rules may have been\r\nsusceptible to tampering that would not have invalidated the\r\nsignature. This issue was addressed with improved resource\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\r\n\r\nSecurity\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious application may be able to bypass code signing\r\nchecks\r\nDescription: An issue existed where code signing did not verify\r\nlibraries loaded outside the application bundle. This issue was\r\naddressed with improved bundle verification.\r\nCVE-ID\r\nCVE-2015-3715 : Patrick Wardle of Synack\r\n\r\nSpotlight\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.3\r\nImpact: Searching for a malicious file with Spotlight may lead to\r\ncommand injection\r\nDescription: A command injection vulnerability existed in the\r\nhandling of filenames of photos added to the local photo library.\r\nThis issue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-3716 : Apple\r\n\r\nSQLite\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A remote attacker may cause an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflows existed in SQLite&#39;s printf\r\nimplementation. These issues were addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-3717 : Peter Rutenbar working with HP&#39;s Zero Day Initiative\r\n\r\nSystem Stats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: A malicious app may be able to compromise systemstatsd\r\nDescription: A type confusion issue existed in systemstatsd&#39;s\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to systemstatsd, it may have been possible to\r\nexecute arbitrary code as the systemstatsd process. The issue was\r\naddressed through additional type checking.\r\nCVE-ID\r\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nTrueTypeScaler\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3719 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\nzip\r\nAvailable for: OS X Yosemite v10.10 to v10.10.3\r\nImpact: Extracting a maliciously crafted zip file using the unzip\r\ntool may lead to an unexpected application termination or arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of zip files. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\n\r\nCVE-2014-8139\r\nCVE-2014-8140\r\nCVE-2014-8141\r\n\r\n\r\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7.\r\nhttps://support.apple.com/en-us/HT204950\r\n\r\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\r\nfrom the Mac App Store or Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue\r\nmFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7\r\nkbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo\r\nEKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w\r\naGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH\r\ncMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL\r\nU4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+\r\naftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U\r\nTUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC\r\n3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J\r\n1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI\r\n+gGm5FbAxjxElgA/gbaq\r\n=KLda\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:DOC:32267", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32267", "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Privilege escalation, information disclosure, multiple memory corruptions.", "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:VULN:14562", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14562", "title": "Apple Mac OS X / EFI multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:48:51", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3223-1 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini\nApril 12, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ntp\nCVE ID : CVE-2015-1798 CVE-2015-1799\nDebian Bug : 782095\n\nMultiple vulnerabilities were discovered in ntp, an implementation of the\nNetwork Time Protocol:\n\nCVE-2015-1798\n\n When configured to use a symmetric key with an NTP peer, ntpd would\n accept packets without MAC as if they had a valid MAC. This could\n allow a remote attacker to bypass the packet authentication and send\n malicious packets without having to know the symmetric key.\n\nCVE-2015-1799\n\n When peering with other NTP hosts using authenticated symmetric\n association, ntpd would update its internal state variables before\n the MAC of the NTP messages was validated. This could allow a remote\n attacker to cause a denial of service by impeding synchronization\n between NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7.\n\nWe recommend that you upgrade your ntp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-04-12T16:29:33", "published": "2015-04-12T16:29:33", "id": "DEBIAN:DSA-3223-1:2BB15", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00111.html", "title": "[SECURITY] [DSA 3223-1] ntp security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:35", "bulletinFamily": "unix", "description": "Package : ntp\nVersion : 1:4.2.6.p2+dfsg-1+deb6u3\nCVE ID : CVE-2015-1798 CVE-2015-1799\nDebian Bug : #782095\n\nBrief introduction \n\nCVE-2015-1798\n\n When ntpd is configured to use a symmetric key to authenticate a remote NTP\n server/peer, it checks if the NTP message authentication code (MAC) in received\n packets is valid, but not if there actually is any MAC included. Packets without\n a MAC are accepted as if they had a valid MAC. This allows a MITM attacker to\n send false packets that are accepted by the client/peer without having to know\n the symmetric key. The attacker needs to know the transmit timestamp of the\n client to match it in the forged reply and the false reply needs to reach the\n client before the genuine reply from the server. The attacker doesn&#x27;t\n necessarily need to be relaying the packets between the client and the server.\n \n Authentication using autokey doesn&#x27;t have this problem as there is a check that\n requires the key ID to be larger than NTP_MAXKEY, which fails for packets\n without a MAC.\n\nCVE-2015-1799\n\n An attacker knowing that NTP hosts A and B are peering with each other\n (symmetric association) can send a packet to host A with source address of B\n which will set the NTP state variables on A to the values sent by the attacker.\n Host A will then send on its next poll to B a packet with originate timestamp\n that doesn&#x27;t match the transmit timestamp of B and the packet will be dropped.\n If the attacker does this periodically for both hosts, they won&#x27;t be able to\n synchronize to each other. This is a known denial-of-service attack, described\n at https://www.eecis.udel.edu/~mills/onwire.html .\n \n According to the document the NTP authentication is supposed to protect\n symmetric associations against this attack, but that doesn&#x27;t seem to be the\n case. The state variables are updated even when authentication fails and the\n peers are sending packets with originate timestamps that don&#x27;t match the\n transmit timestamps on the receiving side.\n\nntp-keygen on big endian hosts\n\n Using ntp-keygen to generate an MD5 key on big endian hosts resulted in\n either an infite loop or an key of only 93 possible keys.\n", "modified": "2015-04-10T21:53:09", "published": "2015-04-10T21:53:09", "id": "DEBIAN:DLA-192-1:FEA6C", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00006.html", "title": "[SECURITY] [DLA 192-1] ntp security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:43", "bulletinFamily": "unix", "description": "\nntp.org reports:\n\n\n[Sec 2779] ntpd accepts unauthenticated packets\n\t with symmetric key crypto.\n[Sec 2781] Authentication doesn't protect symmetric\n\t associations against DoS attacks.\n\n\n", "modified": "2015-04-07T00:00:00", "published": "2015-04-07T00:00:00", "id": "EBD84C96-DD7E-11E4-854E-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/ebd84c96-dd7e-11e4-854e-3c970e169bc2.html", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-03-14T14:27:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-04-14T00:00:00", "id": "OPENVAS:1361412562310842167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842167", "title": "Ubuntu Update for ntp USN-2567-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for ntp USN-2567-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842167\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-14 07:18:57 +0200 (Tue, 14 Apr 2015)\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for ntp USN-2567-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Miroslav Lichvar discovered that NTP\nincorrectly validated MAC fields. A remote attacker could possibly use this issue\nto bypass authentication and spoof packets. (CVE-2015-1798)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain invalid\npackets. A remote attacker could possibly use this issue to cause a denial\nof service. (CVE-2015-1799)\n\nJuergen Perlinger discovered that NTP incorrectly generated MD5 keys on\nbig-endian platforms. This issue could either cause ntp-keygen to hang, or\ncould result in non-random keys. (CVE number pending)\");\n script_tag(name:\"affected\", value:\"ntp on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2567-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2567-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.10.3\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p3+dfsg-1ubuntu3.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:53:48", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798 \nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799 \nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.", "modified": "2017-07-07T00:00:00", "published": "2015-04-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703223", "id": "OPENVAS:703223", "title": "Debian Security Advisory DSA 3223-1 (ntp - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3223.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3223-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703223);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_name(\"Debian Security Advisory DSA 3223-1 (ntp - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-12 00:00:00 +0200 (Sun, 12 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3223.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"ntp on Debian Linux\");\n script_tag(name: \"insight\", value: \"NTP, the Network Time Protocol,\nis used to keep computer clocks accurate by synchronizing them over the\nInternet or a local network, or by following an accurate hardware receiver\nthat interprets GPS, DCF-77, NIST or similar time signals.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798 \nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799 \nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:56", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798 \nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799 \nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.", "modified": "2018-04-06T00:00:00", "published": "2015-04-12T00:00:00", "id": "OPENVAS:1361412562310703223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703223", "title": "Debian Security Advisory DSA 3223-1 (ntp - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3223.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3223-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703223\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_name(\"Debian Security Advisory DSA 3223-1 (ntp - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-12 00:00:00 +0200 (Sun, 12 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3223.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"ntp on Debian Linux\");\n script_tag(name: \"insight\", value: \"NTP, the Network Time Protocol,\nis used to keep computer clocks accurate by synchronizing them over the\nInternet or a local network, or by following an accurate hardware receiver\nthat interprets GPS, DCF-77, NIST or similar time signals.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in ntp, an implementation of the Network Time Protocol:\n\nCVE-2015-1798 \nWhen configured to use a symmetric key with an NTP peer, ntpd would\naccept packets without MAC as if they had a valid MAC. This could\nallow a remote attacker to bypass the packet authentication and send\nmalicious packets without having to know the symmetric key.\n\nCVE-2015-1799 \nWhen peering with other NTP hosts using authenticated symmetric\nassociation, ntpd would update its internal state variables before\nthe MAC of the NTP messages was validated. This could allow a remote\nattacker to cause a denial of service by impeding synchronization\nbetween NTP peers.\n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-2+deb7u4\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-30T12:37:30", "bulletinFamily": "scanner", "description": "Multiple Cisco products incorporate a version of the ntpd package.\n Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated,\n remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.\n\n On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding\n bypass of authentication controls. These vulnerabilities are referenced in this document as follows:\n\n - CVE-2015-1798: NTP Authentication bypass vulnerability\n\n - CVE-2015-1799: NTP Authentication doesn", "modified": "2018-10-29T00:00:00", "published": "2016-05-10T00:00:00", "id": "OPENVAS:1361412562310105677", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105677", "title": "Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ios_xe_cisco-sa-20150408-ntpd.nasl 12149 2018-10-29 10:48:30Z asteins $\n#\n# Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:ios_xe\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105677\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 12149 $\");\n\n script_name(\"Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd\");\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=36857\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the ntpd package.\n Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated,\n remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.\n\n On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding\n bypass of authentication controls. These vulnerabilities are referenced in this document as follows:\n\n - CVE-2015-1798: NTP Authentication bypass vulnerability\n\n - CVE-2015-1799: NTP Authentication doesn't protect symmetric associations against DoS attacks\n\n Cisco has released software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities are available.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 10:51:31 +0200 (Tue, 10 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ios_xe_version.nasl\");\n script_mandatory_keys(\"cisco_ios_xe/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n\t\t'2.1.0',\n\t\t'2.1.1',\n\t\t'2.1.2',\n\t\t'2.2.1',\n\t\t'2.2.2',\n\t\t'2.2.3',\n\t\t'2.3.0',\n\t\t'2.3.0t',\n\t\t'2.3.1t',\n\t\t'2.3.2',\n\t\t'2.4.0',\n\t\t'2.4.1',\n\t\t'2.5.0',\n\t\t'2.5.1',\n\t\t'2.5.2',\n\t\t'2.6.0',\n\t\t'2.6.1',\n\t\t'2.6.2',\n\t\t'3.1.0S',\n\t\t'3.1.1S',\n\t\t'3.1.2S',\n\t\t'3.1.3S',\n\t\t'3.1.4S',\n\t\t'3.1.5S',\n\t\t'3.1.6S',\n\t\t'3.1.0SG',\n\t\t'3.1.1SG',\n\t\t'3.2.0S',\n\t\t'3.2.1S',\n\t\t'3.2.2S',\n\t\t'3.2.3S',\n\t\t'3.2.0SE',\n\t\t'3.2.1SE',\n\t\t'3.2.2SE',\n\t\t'3.2.3SE',\n\t\t'3.2.0SG',\n\t\t'3.2.1SG',\n\t\t'3.2.2SG',\n\t\t'3.2.3SG',\n\t\t'3.2.4SG',\n\t\t'3.2.5SG',\n\t\t'3.2.6SG',\n\t\t'3.2.7SG',\n\t\t'3.2.8SG',\n\t\t'3.2.9SG',\n\t\t'3.2.0XO',\n\t\t'3.2.1XO',\n\t\t'3.3.0S',\n\t\t'3.3.1S',\n\t\t'3.3.2S',\n\t\t'3.3.0SE',\n\t\t'3.3.1SE',\n\t\t'3.3.2SE',\n\t\t'3.3.3SE',\n\t\t'3.3.4SE',\n\t\t'3.3.5SE',\n\t\t'3.3.0SG',\n\t\t'3.3.1SG',\n\t\t'3.3.2SG',\n\t\t'3.3.0SQ',\n\t\t'3.3.1SQ',\n\t\t'3.3.0XO',\n\t\t'3.3.1XO',\n\t\t'3.3.2XO',\n\t\t'3.4.0S',\n\t\t'3.4.1S',\n\t\t'3.4.2S',\n\t\t'3.4.3S',\n\t\t'3.4.4S',\n\t\t'3.4.5S',\n\t\t'3.4.6S',\n\t\t'3.4.0SG',\n\t\t'3.4.1SG',\n\t\t'3.4.2SG',\n\t\t'3.4.3SG',\n\t\t'3.4.4SG',\n\t\t'3.4.5SG',\n\t\t'3.4.0SQ',\n\t\t'3.4.1SQ',\n\t\t'3.5.0E',\n\t\t'3.5.1E',\n\t\t'3.5.2E',\n\t\t'3.5.3E',\n\t\t'3.5.0S',\n\t\t'3.5.1S',\n\t\t'3.5.2S',\n\t\t'3.6.0E',\n\t\t'3.6.1E',\n\t\t'3.6.0S',\n\t\t'3.6.1S',\n\t\t'3.6.2S',\n\t\t'3.7.0E',\n\t\t'3.7.0S',\n\t\t'3.7.1S',\n\t\t'3.7.2S',\n\t\t'3.7.3S',\n\t\t'3.7.4S',\n\t\t'3.7.5S',\n\t\t'3.7.6S',\n\t\t'3.7.7S',\n\t\t'3.8.0S',\n\t\t'3.8.1S',\n\t\t'3.8.2S',\n\t\t'3.9.0S',\n\t\t'3.9.1S',\n\t\t'3.9.2S',\n\t\t'3.10.0S',\n\t\t'3.10.0S',\n\t\t'3.10.1S',\n\t\t'3.10.2S',\n\t\t'3.10.3S',\n\t\t'3.10.4S',\n\t\t'3.10.5S',\n\t\t'3.10.6S',\n\t\t'3.11.0S',\n\t\t'3.11.1S',\n\t\t'3.11.2S',\n\t\t'3.11.3S',\n\t\t'3.11.4S',\n\t\t'3.12.0S',\n\t\t'3.12.1S',\n\t\t'3.12.2S',\n\t\t'3.12.3S',\n\t\t'3.13.0S',\n\t\t'3.13.1S',\n\t\t'3.13.2S',\n\t\t'3.14.0S',\n\t\t'3.14.1S',\n\t\t'3.14.2S',\n\t\t'3.14.3S',\n\t\t'3.14.4S',\n\t\t'3.15.0S' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:30:22", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120060", "title": "Amazon Linux Local Check: ALAS-2015-520", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-520.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120060\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:30 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-520\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in NTP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update ntp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-520.html\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~30.24.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:36:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869656", "title": "Fedora Update for ntp FEDORA-2015-5761", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2015-5761\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869656\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:32:22 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2015-5761\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5761\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~30.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:39:44", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201509-01", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121407", "title": "Gentoo Security Advisory GLSA 201509-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201509-01.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121407\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:29:01 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201509-01\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201509-01\");\n script_cve_id(\"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-5146\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201509-01\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/ntp\", unaffected: make_list(\"ge 4.2.8_p3\"), vulnerable: make_list(\"lt 4.2.8_p3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:06", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1459", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123068", "title": "Oracle Linux Local Check: ELSA-2015-1459", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1459.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123068\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:57 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1459\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1459 - ntp security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1459\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1459.html\");\n script_cve_id(\"CVE-2014-9297\", \"CVE-2014-9298\", \"CVE-2015-1798\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-23T15:13:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871405", "title": "RedHat Update for ntp RHSA-2015:1459-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ntp RHSA-2015:1459-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871405\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-9750\", \"CVE-2014-9751\", \"CVE-2015-1799\", \"CVE-2015-3405\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:26:09 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ntp RHSA-2015:1459-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith another referenced time source.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send malicious\ncontrol and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2014-9751)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichvar of Red Hat.\n\nBug fixes:\n\n * The ntpd daemon truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. The maximum length of keys has now\nbeen changed to 32 bytes. (BZ#1053551)\n\n * The ntp-keygen utility used the exponent of 3 when generating RSA keys,\nand generating RSA keys failed when FIPS mode was enabled. ntp-keygen has\nbeen modified to use the exponent of 65537, and generating keys in FIPS\nmode now works as expected. (BZ#1184421)\n\n * The ntpd daemon included a root delay when calculating its root\ndispersion. Consequently, the NTP server reported larger root dispersion\nthan it should have and clients could reject the source when its distance\nreached the maximum synchronization distance (1.5 seconds by default).\nCalculation of root dispersion has been fixed, the root dispersion is now\nreported correctly, and clients no longer reject t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"ntp on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1459-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00036.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:33:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-29T00:00:00", "id": "OPENVAS:1361412562310869311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869311", "title": "Fedora Update for ntp FEDORA-2015-5830", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2015-5830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869311\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-29 05:27:11 +0200 (Wed, 29 Apr 2015)\");\n script_cve_id(\"CVE-2015-1799\", \"CVE-2015-1798\", \"CVE-2014-9297\", \"CVE-2014-9298\",\n \"CVE-2014-9293\", \"CVE-2014-9294\", \"CVE-2014-9295\", \"CVE-2014-9296\",\n \"CVE-2015-3405\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2015-5830\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5830\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~30.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "description": "CVE-2015-1798 (accept unauthenticated packets):\n\nWhen ntpd is configured to use a symmetric key to authenticate a remote NTP\nserver/peer, it checks if the NTP message authentication code (MAC) in received\npackets is valid, but not if there actually is any MAC included. Packets without\na MAC are accepted as if they had a valid MAC. This allows a MITM attacker to\nsend false packets that are accepted by the client/peer without having to know\nthe symmetric key. The attacker needs to know the transmit timestamp of the\nclient to match it in the forged reply and the false reply needs to reach the\nclient before the genuine reply from the server. The attacker doesn't\nnecessarily need to be relaying the packets between the client and the server. \n\nCVE-2015-1799 (denial of service):\n\nAn attacker knowing that NTP hosts A and B are peering with each other\n(symmetric association) can send a packet to host A with source address of B\nwhich will set the NTP state variables on A to the values sent by the attacker.\nHost A will then send on its next poll to B a packet with originate timestamp\nthat doesn't match the transmit timestamp of B and the packet will be dropped.\nIf the attacker does this periodically for both hosts, they won't be able to\nsynchronize to each other. This is a known denial-of-service attack", "modified": "2015-04-08T00:00:00", "published": "2015-04-08T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html", "id": "ASA-201504-8", "title": "ntp: multiple issues", "type": "archlinux", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:44", "bulletinFamily": "unix", "description": "CVE-2015-1853 (denial of service):\nThis issue is similiar to the &quot;ntp CVE-2015-1799&quot;-issue.\nAn attacker knowing that NTP hosts A and B are peering with each other\n(symmetric association) can send a packet to host A with source address of B\nwhich will set the NTP state variables on A to the values sent by the attacker.\nHost A will then send on its next poll to B a packet with originate timestamp\nthat doesn't match the transmit timestamp of B and the packet will be dropped.\nIf the attacker does this periodically for both hosts, they won't be able to\nsynchronize to each other. This is a known denial-of-service attack", "modified": "2015-04-08T00:00:00", "published": "2015-04-08T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html", "id": "ASA-201504-9", "title": "chrony: denial of service", "type": "archlinux", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:39", "bulletinFamily": "unix", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded.\n In addition to bug fixes and enhancements, this release fixes the\n following medium-severity vulnerabilities involving private key\n authentication:\n * ntpd accepts unauthenticated packets with symmetric key crypto.\n * Authentication doesn't protect symmetric associations against DoS attacks.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p2-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n570bb3e4bb7b065101fa4963e757d7e7 ntp-4.2.8p2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\ne6add42a70a66496be2d4978370c2799 ntp-4.2.8p2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n99f1cfa5e23a256d840ed0a56b7f9400 ntp-4.2.8p2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n0a6622196521e084d36cda13fc6da824 ntp-4.2.8p2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n28cfe042c585cf036582ce5f0c2daadf ntp-4.2.8p2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nc436da55cd2d113142410a9d982c5ac5 ntp-4.2.8p2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ncf69f8ecb5e4c1902dfb22d0f9685278 ntp-4.2.8p2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9c8344ec56d5d2335fd7370e2f9cf639 ntp-4.2.8p2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9dcf0eafa851ad018f8341c2fb9307b5 ntp-4.2.8p2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0c063f4e46a72ec86012a46299a46df ntp-4.2.8p2-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n5f72de16e3bb6cd216e7694a49671cee n/ntp-4.2.8p2-i486-1.txz\n\nSlackware x86_64 -current package:\n1ba531770e4a2ae6e8e7116aaa26523e n/ntp-4.2.8p2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p2-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "modified": "2015-04-21T18:21:55", "published": "2015-04-21T18:21:55", "id": "SSA-2015-111-08", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.522767", "title": "ntp", "type": "slackware", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:59", "bulletinFamily": "unix", "description": "Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-1799)\n\nJuergen Perlinger discovered that NTP incorrectly generated MD5 keys on big-endian platforms. This issue could either cause ntp-keygen to hang, or could result in non-random keys. (CVE number pending)", "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "USN-2567-1", "href": "https://usn.ubuntu.com/2567-1/", "title": "NTP vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2018-12-25T20:17:32", "bulletinFamily": "info", "description": "### Overview \n\nNTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.\n\n### Description \n\nCVE-2015-1798, [bug 2779](<http://bugs.ntp.org/show_bug.cgi?id=2779>):\n\nIn NTP4 installations utilizing symmetric key authentication, versions ntp-4.2.5p99 to ntp-4.2.8p1, packets with no message authentication code (MAC) are accepted as though they have a valid MAC. An attacker may be able to leverage this validation error to send packets that will be accepted by the client. The CVSS score reflects this issue. \n \nCVE-2015-1799, [bug 2781](<http://bugs.ntp.org/show_bug.cgi?id=2781>): \n \nIn NTP installations utilizing symmetric key authentication, including xntp3.3wy to version ntp-4.2.8p1, a denial of service condition is created when two peering hosts receive packets in which the originate and transmit timestamps do not match. An attacker who periodically sends such packets to both hosts can prevent synchronization. \n \nFor more information about these issues, visit [NTP's security notice](<http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities>). \n \n--- \n \n### Impact \n\nAn unauthenticated attacker with network access may be able to inject packets or prevent peer synchronization among symmetrically authenticated hosts. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nThe NTP Project has released [version ntp-4.2.8p2](<http://www.ntp.org/downloads.html>) to address these issues. \n \n--- \n \n### Vendor Information\n\n374268\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Arista Networks, Inc. \n\nUpdated: April 10, 2015 \n\n**Statement Date: April 09, 2015**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ FreeBSD Project \n\nNotified: March 24, 2015 Updated: April 10, 2015 \n\n**Statement Date: April 09, 2015**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\n`The vulnerabilities in 374268 (different from 852879) have been resolved by FreeBSD-SA-15:07.ntp. \n \n<https://www.freebsd.org/security/advisories/FreeBSD-SA-15:07.ntp.asc>`\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://www.freebsd.org/security/advisories/FreeBSD-SA-15:07.ntp.asc>\n\n### __ NTP Project \n\nNotified: March 23, 2015 Updated: April 07, 2015 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://support.ntp.org/bin/view/Main/SecurityNotice http://www.ntp.org/downloads.html>\n\n### __ EfficientIP \n\nUpdated: April 10, 2015 \n\n**Statement Date: April 09, 2015**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ ACCESS \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ AT&amp;T \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Alcatel-Lucent \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Apple \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Arch Linux \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Avaya, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Barracuda Networks \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Belkin, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Blue Coat Systems \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Brocade \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ CA Technologies \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ CentOS \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Check Point Software Technologies \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Cisco \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Cray Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ D-Link Systems, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Debian GNU/Linux \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ DesktopBSD \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ DragonFly BSD Project \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ EMC Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Enterasys Networks \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Ericsson \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Extreme Networks \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ F5 Networks, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Fedora Project \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Force10 Networks \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Fortinet, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Fujitsu \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Gentoo Linux \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Global Technology Associates, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Hewlett-Packard Company \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Hitachi \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Huawei Technologies \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ IBM Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ IBM eServer \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Infoblox \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Intel Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Intoto \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Juniper Networks \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Mandriva S. A. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ McAfee \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Microsemi \n\nNotified: April 09, 2015 Updated: April 09, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Microsoft Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ NEC Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ NetBSD \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Nokia \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Novell, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ OmniTI \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ OpenBSD \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Openwall GNU/*/Linux \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Oracle Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ PC-BSD \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Palo Alto Networks \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Peplink \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Process Software \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Q1 Labs \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ QNX Software Systems Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Quagga \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Red Hat, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ SUSE Linux \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ SafeNet \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Slackware Linux Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ SmoothWall \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Snort \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Sony Corporation \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Sourcefire \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Stonesoft \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Symantec \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ The SCO Group \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ TippingPoint Technologies Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Turbolinux \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Ubuntu \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Unisys \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ VMware \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Vyatta \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Watchguard Technologies, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ Wind River \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ ZyXEL \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ eSoft, Inc. \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ m0n0wall \n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### __ openSUSE project \n\nNotified: March 30, 2015 Updated: March 30, 2015 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 4.2 | E:POC/RL:OF/RC:C \nEnvironmental | 4.2 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities>\n * <http://bugs.ntp.org/show_bug.cgi?id=2781>\n * <http://bugs.ntp.org/show_bug.cgi?id=2779>\n * <http://www.ntp.org/downloads.html>\n\n### Credit\n\nThe NTP Project credits Miroslav Lichvar of Red Hat for reporting these issues. \n\nThis document was written by Joel Land. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2015-1798, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1798>) [CVE-2015-1799](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1799>) \n---|--- \n**Date Public:** | 2015-04-07 \n**Date First Published:** | 2015-04-07 \n**Date Last Updated: ** | 2015-04-10 18:36 UTC \n**Document Revision: ** | 18 \n", "modified": "2015-04-10T18:36:00", "published": "2015-04-07T00:00:00", "id": "VU:374268", "href": "https://www.kb.cert.org/vuls/id/374268", "type": "cert", "title": "NTP Project ntpd reference implementation contains multiple vulnerabilities", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2019-02-12T21:27:48", "bulletinFamily": "software", "description": "A vulnerability in the authentication code of ntpd could allow an unauthenticated, remote attacker to inject NTP state variables without knowledge of the NTP keys.\n\nThe vulnerability is due to invalid processing of the NTP packets when authentication fails. An attacker could exploit this vulnerability by periodically sending NTP packets with set NTP state variables. A successful exploit could allow the attacker to disrupt communication between NTP hosts, preventing synchronization.\n\nA vulnerability in the message authentication code (MAC) validation routine of ntpd could allow an unauthenticated, remote attacker to bypass the NTP authentication feature.\n\nThe vulnerability is due to incorrect validation of the MAC field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without knowledge of the NTP symmetric key.\n\nMultiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.\n\nOn April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding bypass of authentication controls. These vulnerabilities are referenced in this document as follows:\n\n CVE-2015-1798: NTP Authentication bypass vulnerability\n CVE-2015-1799: NTP Authentication doesn't protect symmetric associations against DoS attacks\n\nCisco has released software updates that address these vulnerabilities. \n\nWorkarounds that mitigate these vulnerabilities are available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd\"]", "modified": "2015-12-07T14:37:03", "published": "2015-04-08T16:00:00", "id": "CISCO-SA-20150408-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd", "type": "cisco", "title": "Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-26T15:33:47", "bulletinFamily": "software", "description": "A vulnerability in authentication code of ntpd could allow an unauthenticated, remote attacker to inject NTP state variables without knowledge of the NTP keys.\n\nThe vulnerability is due to invalid processing of the NTP packets when authentication fails. An attacker could exploit this vulnerability by periodically sending NTP packets with set NTP state variables. A successful exploit could allow the attacker to disrupt communication between NTP hosts, preventing synchronization.\n\nA vulnerability in ntpd could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.\n\nThe vulnerability is due to improper processing of Network Time Protocol (NTP) packets when handling symmetric key authentication failures. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack to periodically transmit crafted NTP packets with set NTP state variables. An exploit could allow the attacker to disrupt communication between NTP hosts, preventing synchronization and leading to a DoS condition for legitimate users.\n\nNTP.org has confirmed this vulnerability in a security advisory and released software updates.\n\nTo exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.\n\nAn attacker may attempt to perform a man-in-the-middle attack to send crafted packets to the targeted device in an attempt to exploit this vulnerability.\n\nReports indicate that systems that are configured to use the symmetric key authentication mechanism are affected.", "modified": "2015-07-23T12:35:31", "published": "2015-04-08T16:41:16", "id": "CISCO-SA-20150408-CVE-2015-1799", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150408-CVE-2015-1799", "type": "cisco", "title": "Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-26T15:33:47", "bulletinFamily": "software", "description": "A vulnerability in the Network Time Protocol (NTP) daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system.\n\nThe vulnerability is due to incorrect validation of the message authentication code (MAC) field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without knowing the NTP symmetric key.\n\nNTP.org has released a security notice and software updates to address the vulnerability.\n\nTo exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted packets to the affected system. This access requirement limits the likelihood of a successful exploit.\n\nThe vulnerability is exploitable only on an application that is configured with the symmetric key authentication mechanism. Authentication using autokey is not affected.\n\nA vulnerability in the message authentication code (MAC) validation routine of ntpd could allow an unauthenticated, remote attacker to bypass the NTP authentication feature.\n\nThe vulnerability is due to incorrect validation of the MAC field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without the knowledge of the NTP symmetric key.", "modified": "2015-07-23T12:35:37", "published": "2015-04-08T17:05:12", "id": "CISCO-SA-20150408-CVE-2015-1798", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150408-CVE-2015-1798", "type": "cisco", "title": "Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability", "cvss": {"score": 1.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:10", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. ([CVE-2015-1798 __](<https://access.redhat.com/security/cve/CVE-2015-1798>))\n\nThe symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. ([CVE-2015-1799 __](<https://access.redhat.com/security/cve/CVE-2015-1799>))\n\nThis update also addresses [leap-second handling](<https://bugzilla.redhat.com/show_bug.cgi?id=1196635>). With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied. See [this forum post](<https://forums.aws.amazon.com/ann.jspa?annID=3064>) for more information on the Amazon Linux AMI's leap-second handling. \n\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntp-debuginfo-4.2.6p5-30.24.amzn1.i686 \n ntp-4.2.6p5-30.24.amzn1.i686 \n ntpdate-4.2.6p5-30.24.amzn1.i686 \n \n noarch: \n ntp-doc-4.2.6p5-30.24.amzn1.noarch \n ntp-perl-4.2.6p5-30.24.amzn1.noarch \n \n src: \n ntp-4.2.6p5-30.24.amzn1.src \n \n x86_64: \n ntp-4.2.6p5-30.24.amzn1.x86_64 \n ntpdate-4.2.6p5-30.24.amzn1.x86_64 \n ntp-debuginfo-4.2.6p5-30.24.amzn1.x86_64 \n \n \n", "modified": "2015-05-24T14:16:00", "published": "2015-05-24T14:16:00", "id": "ALAS-2015-520", "href": "https://alas.aws.amazon.com/ALAS-2015-520.html", "title": "Important: ntp", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "description": "### Background\n\nNTP contains software for the Network Time Protocol.\n\n### Description\n\nMultiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.8_p3\"", "modified": "2015-09-24T00:00:00", "published": "2015-09-24T00:00:00", "id": "GLSA-201509-01", "href": "https://security.gentoo.org/glsa/201509-01", "type": "gentoo", "title": "NTP: Multiple vulnerablities", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:00", "bulletinFamily": "unix", "description": "[4.2.6p5-5]\n- reject packets without MAC when authentication is enabled (CVE-2015-1798)\n- protect symmetric associations with symmetric key against DoS attack\n (CVE-2015-1799)\n- fix generation of MD5 keys with ntp-keygen on big-endian systems\n (CVE-2015-3405)\n- log when stepping clock for leap second or ignoring it with -x (#1204625)\n[4.2.6p5-4]\n- fix typos in ntpd man page (#1194463)", "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1459", "href": "http://linux.oracle.com/errata/ELSA-2015-1459.html", "title": "ntp security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T01:44:09", "bulletinFamily": "unix", "description": "[4.2.6p5-22]\n- check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)\n- allow only one step larger than panic threshold with -g (CVE-2015-5300)\n[4.2.6p5-20]\n- validate lengths of values in extension fields (CVE-2014-9297)\n- drop packets with spoofed source address ::1 (CVE-2014-9298)\n- reject packets without MAC when authentication is enabled (CVE-2015-1798)\n- protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799)\n- fix generation of MD5 keys with ntp-keygen on big-endian systems (CVE-2015-3405)\n- add option to set Differentiated Services Code Point (DSCP) (#1202828)\n- add nanosecond support to SHM refclock (#1117702)\n- allow creating all SHM segments with owner-only access (#1122012)\n- allow different thresholds for forward and backward step (#1193154)\n- allow symmetric keys up to 32 bytes again (#1191111)\n- don't step clock for leap second with -x option (#1191122)\n- don't drop packets with source port below 123 (#1171640)\n- retry joining multicast groups (#1207014)\n- increase memlock limit again (#1053569)\n- warn when monitor can't be disabled due to limited restrict (#1191108)\n- use larger RSA exponent in ntp-keygen (#1191116)\n- fix crash in ntpq mreadvar command (#1180721)\n- move sntp kod database to allow SELinux labeling (#1082934)\n- fix typos in ntpd man page (#1195211)\n- improve documentation of restrict command (#1213953)", "modified": "2015-11-23T00:00:00", "published": "2015-11-23T00:00:00", "id": "ELSA-2015-2231", "href": "http://linux.oracle.com/errata/ELSA-2015-2231.html", "title": "ntp security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:05", "bulletinFamily": "unix", "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith another referenced time source.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send malicious\ncontrol and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat.\n\nBug fixes:\n\n* The ntpd daemon truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. The maximum length of keys has now\nbeen changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA keys,\nand generating RSA keys failed when FIPS mode was enabled. ntp-keygen has\nbeen modified to use the exponent of 65537, and generating keys in FIPS\nmode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root\ndispersion. Consequently, the NTP server reported larger root dispersion\nthan it should have and clients could reject the source when its distance\nreached the maximum synchronization distance (1.5 seconds by default).\nCalculation of root dispersion has been fixed, the root dispersion is now\nreported correctly, and clients no longer reject the server due to a large\nsynchronization distance. (BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). Clients behind Network Address Translation\n(NAT) were unable to synchronize with the server if their source port was\ntranslated to ports below 123. With this update, ntpd no longer checks the\nsource port number. (BZ#1171630)\n\nEnhancements:\n\n* This update introduces configurable access of memory segments used for\nShared Memory Driver (SHM) reference clocks. Previously, only the first two\nmemory segments were created with owner-only access, allowing just two SHM\nreference clocks to be used securely on a system. Now, the owner-only\naccess to SHM is configurable with the \"mode\" option, and it is therefore\npossible to use more SHM reference clocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM reference\nclock. Prior to this update, when a Precision Time Protocol (PTP) hardware\nclock was used as a time source to synchronize the system clock (for\nexample, with the timemaster service from the linuxptp package), the\naccuracy of the synchronization was limited due to the microsecond\nresolution of the SHM protocol. The nanosecond extension in the SHM\nprotocol now enables sub-microsecond synchronization of the system clock.\n(BZ#1117704)", "modified": "2018-06-06T20:24:19", "published": "2015-07-22T04:00:00", "id": "RHSA-2015:1459", "href": "https://access.redhat.com/errata/RHSA-2015:1459", "type": "redhat", "title": "(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:45:30", "bulletinFamily": "unix", "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat.\n\nBug fixes:\n\n* The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. (BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected.\n(BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). With this update, ntpd no longer checks the\nsource port number, and clients behind NAT are now able to correctly\nsynchronize with the server. (BZ#1171640)\n\nEnhancements:\n\n* This update adds support for configurable Differentiated Services Code\nPoints (DSCP) in NTP packets, simplifying configuration in large networks\nwhere different NTP implementations or versions are using different DSCP\nvalues. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). Use the \"stepback\"\nand \"stepfwd\" options to configure each threshold. (BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source to\nsynchronize the system clock, the accuracy of the synchronization was\nlimited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "modified": "2018-04-12T03:32:48", "published": "2015-11-19T19:42:12", "id": "RHSA-2015:2231", "href": "https://access.redhat.com/errata/RHSA-2015:2231", "type": "redhat", "title": "(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "aix": [{"lastseen": "2018-08-31T00:08:38", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Aug 21 09:06:03 CDT 2015 \n|Updated: Mon Feb 15 13:19:18 CST 2016\n|Update: Changed AIX 6.1.8 and 7.1.2 impacted levels. \n\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc\n\n\nSecurity Bulletin: Vulnerability in NTPv3 affects AIX (CVE-2015-1799)\n\n\n===============================================================================\n\nSUMMARY:\n\n A vulnerability in NTPv3 affects AIX. \n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2015-1799\n DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) is\n vulnerable to a denial of service, caused by an error when using\n symmetric key authentication. By sending specially-crafted packets to\n both peering hosts, an attacker could exploit this vulnerability to\n prevent synchronization. \n CVSS Base Score: 5.4 \n CVSS Temporal Score: See\n http://xforce.iss.net/xforce/xfdb/102052 for the current score.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 6.1, 7.1\n VIOS 2.2.x\n\n The following AIX fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n| bos.net.tcp.client 6.1.0.0 6.1.8.20 key_w_fs\n bos.net.tcp.client 6.1.0.0 6.1.9.45 key_w_fs\n| bos.net.tcp.client 7.1.0.0 7.1.2.20 key_w_fs\n bos.net.tcp.client 7.1.0.0 7.1.3.45 key_w_fs\n\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ------------------------------------------------------------\n| bos.net.tcp.client 6.1.0.0(2.2.0.0) 6.1.8.19(2.2.2.70)\n bos.net.tcp.client 6.1.0.0(2.2.0.0) 6.1.9.45(2.2.3.50)\n\n\n Note: to find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.client\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ---------------------------------------------------\n 6.1.9 IV73783 12/04/15 SP6 key_w_apar\n 7.1.3 IV74261 2/26/16 SP6 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV73783\n http://www.ibm.com/support/docview.wss?uid=isg1IV74261\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix3.tar\n http://aix.software.ibm.com/aix/efixes/security/ntp_fix3.tar\n https://aix.software.ibm.com/aix/efixes/security/ntp_fix3.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ------------------------------------------------\n 6.1.8.6 IV74263s6a.150714.epkg.Z key_w_fix\n 6.1.9.5 IV73783s5a.150714.epkg.Z key_w_fix\n 7.1.2.6 IV74262s6a.150714.epkg.Z key_w_fix\n 7.1.3.5 IV74261s5a.150714.epkg.Z key_w_fix\n\n\n To extract the fixes from the tar file:\n\n tar xvf ntp_fix3.tar\n cd ntp_fix3\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the followng:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 1b47c44eae7b3dd5d219586a5dafa806cd54c18872dbeee13774ae0f18242786 IV74263s6a.150714.epkg.Z key_w_csum\n ad3c3496796c9837ab7247a639e8d61e354d29c45daf940a39518f0ede5fe5ca IV73783s5a.150714.epkg.Z key_w_csum\n 785292432666ac70d019b31018965a03f3fcf8f870ec2a9473ec2e127a4a2f5f IV74262s6a.150714.epkg.Z key_w_csum\n 3ff500cc1235275a9ce1b66c9c0f41b94ccd500930dbc9d90a9e0dfe93364c14 IV74261s5a.150714.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n You should verify applying this configuration change does not cause\n any compatibility issues. If you change the default setting after\n applying the fix, you will expose yourself to the attack described\n above. IBM recommends that you review your entire environment to\n identify other areas where you have enabled the Diffie-Hellman\n key-exchange protocol used in TLS and take appropriate mitigation and\n remediation actions.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2:\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Fri Aug 21 09:06:03 CDT 2015 \n| Updated: Mon Feb 15 13:19:18 CST 2016\n| Update: Changed AIX 6.1.8 and 7.1.2 impacted levels.\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "modified": "2016-02-15T13:19:18", "published": "2015-08-21T09:06:03", "id": "NTP_ADVISORY3.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc", "title": "Vulnerability in NTPv3 affects AIX", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:33", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Mon Jun 29 10:00:16 CDT 2015\n\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc\n\n \nSecurity Bulletin: Vulnerabilities in NTPv4 affect AIX \n\n\n===============================================================================\n\nSUMMARY:\n\n There are two vulnerabilities in NTPv4 that affect AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2014-9297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297\n DESCRIPTION:\n Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a\n remote attacker to conduct spoofing attacks, caused by insufficient\n entropy in PRNG. An attacker could exploit this vulnerability to spoof\n the IPv6 address ::1 to bypass ACLs and launch further attacks on the\n system.\n CVSS:\n CVSS Base Score: 5.00\n CVSS Temporal Score: See \n http://xforce.iss.net/xforce/xfdb/100004 for the current score. \n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n CVEID: CVE-2015-1799\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\n DESCRIPTION:\n Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable\n to a denial of service, caused by an error when using symmetric key\n authentication. By sending specially-crafted packets to both peering\n hosts, an attacker could exploit this vulnerability to prevent\n synchronization.\n CVSS:\n CVSS Base Score: 5.40\n CVSS Temporal Score: See\n http://xforce.iss.net/xforce/xfdb/102052 for the current score.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 6.1, 7.1\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n ntp.rte 6.1.0.0 6.1.6.4 key_w_fs\n ntp.rte 7.1.0.0 7.1.0.4 key_w_fs\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ------------------------------------------------------------\n ntp.rte 6.1.0.0(2.2.0.0) 6.1.6.4(2.2.2.6)\n ntp.rte 6.1.0.0(2.2.0.0) 6.1.6.4(2.2.3.4)\n\n\n Note: to find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i ntp.rte \n\n\n REMEDIATION:\n \n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ---------------------------------------------------\n 6.1.9 IV71094 12/4/15 SP6 key_w_apar\n 7.1.3 IV71096 2/26/16 SP6 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV71094\n http://www.ibm.com/support/docview.wss?uid=isg1IV71096\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. The fixes can be downloaded via ftp or\n http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp4_fix.tar\n http://aix.software.ibm.com/aix/efixes/security/ntp4_fix.tar\n https://aix.software.ibm.com/aix/efixes/security/ntp4_fix.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ------------------------------------------------\n 6.1 IV71094s0a.150618.epkg.Z key_w_fix\n 7.1 IV71096s0a.150618.epkg.Z key_w_fix\n\n To extract the fixes from the tar file:\n\n tar xvf ntp4_fix.tar\n cd ntp4_fix\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the followng:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n daa13bf1d503c5e955b86ebd997895bf0bb47d9394f7d858a2628f762a062344 IV71094s0a.150618.epkg.Z key_w_csum\n 811e3169a1c244a48d6380f8eb1462b47e2c2c8c7db8a20e3165de7fd0bba822 IV71096s0a.150618.epkg.Z key_w_csum\n\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: \n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Mon Jun 29 10:00:16 CDT 2015\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "modified": "2015-06-29T10:00:16", "published": "2015-06-29T10:00:16", "id": "NTP4_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc", "title": "Vulnerabilities in NTPv4 affect AIX", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:04", "bulletinFamily": "info", "description": "NTP, the much maligned protocol abused in a number of [high volume DDoS attacks](<https://threatpost.com/volume-of-ntp-amplification-attacks-getting-louder/105763>) a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed.\n\nThe Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an [advisory](<http://www.kb.cert.org/vuls/id/374268>) warning of the [two vulnerabilities](<http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities>), which were patched in [ntp-4.2 8p2](<http://www.ntp.org/downloads.html>).\n\nThe first vulnerability, CVE-2015-1798, affects ntp-4.2.5p99 to ntp-4.2.8p1 versions using symmetric key authentication. According to the advisory, packets sent without message authentication code (MAC) are accepted as though they had one.\n\n\u201cAn attacker may be able to leverage this validation error to send packets that will be accepted by the client,\u201d the advisory said.\n\nThe second flaw affects versions xntp3.3wy to version ntp-4.2.8p1 that use symmetric key authentication, and creates a denial of service condition when peering hosts receive packets where the timestamps don\u2019t match.\n\n\u201cAn attacker who periodically sends such packets to both hosts can prevent synchronization,\u201d the advisory said.\n\nNTP is a protocol used to synchronize time on computer clocks; considered a set-and-forget feature on networks. Hackers who specialize in distributed denial-of-service attacks found a way to exploit vulnerabilities in NTP to amplify DDoS attacks to, at the time, unprecedented levels.\n\nLast February, traffic optimization company CloudFlare reported a [NTP-based DDoS attack](<https://threatpost.com/ntp-amplification-blamed-for-400-gbps-ddos-attack/104201>) against one of its customers that peaked at 400 Gbps, topping the previous high of 300 Gbps against Spamhaus in March 2013.\n\n\u201cRemarkably, it is possible that the attacker used only a single server running on a network that allowed source IP address spoofing to initiate the requests,\u201d CloudFlare CEO Matthew Prince told Threatpost at the time.\n\nNTP-based DDoS attacks are a relatively simple way of spoofing IP addresses in order to disrupt websites or web-based services.\n\n\u201cNTP attacks are definitely on the rise. Because the amplification factor per misconfigured server can be 10x as large as a typical DNS amplification attack, they pose a significant risk,\u201d Prince said.\n\nRed Hat\u2019s Miroslav Lichvar reported the issue in early March to NTP, which patched the vulnerabilities yesterday.\n", "modified": "2015-04-13T12:44:45", "published": "2015-04-08T11:37:31", "id": "THREATPOST:5769C48C396166703CD9313DCCE52178", "href": "https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067/", "type": "threatpost", "title": "NTP Symmetric Key Authentication Security Vulnerabilities Patched", "cvss": {"score": 1.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:56:37", "bulletinFamily": "unix", "description": "ntp was updated to fix two security issues:\n\n * CVE-2015-1799: ntpd authentication did not protect symmetric\n associations against DoS attacks (bsc#924202)\n * CVE-2015-3405: ntp-keygen may generate non-random symmetric keys on\n big-endian systems (bsc#928321)\n\n Security Issues:\n\n * CVE-2015-1799\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>&gt;\n * CVE-2015-3405\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3405\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3405</a>&gt;\n\n", "modified": "2015-07-02T17:05:24", "published": "2015-07-02T17:05:24", "id": "SUSE-SU-2015:1173-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html", "type": "suse", "title": "Security update for ntp (important)", "cvss": {"score": 4.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:46:06", "bulletinFamily": "unix", "description": "NTP was updated to version 4.2.8p8 to fix several security issues and to\n ensure the continued maintainability of the package.\n\n These security issues were fixed:\n\n * CVE-2016-4953: Bad authentication demobilized ephemeral associations\n (bsc#982065).\n * CVE-2016-4954: Processing spoofed server packets (bsc#982066).\n * CVE-2016-4955: Autokey association reset (bsc#982067).\n * CVE-2016-4956: Broadcast interleave (bsc#982068).\n * CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).\n * CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS\n (bsc#977459).\n * CVE-2016-1548: Prevent the change of time of an ntpd client or\n denying service to an ntpd client by forcing it to change from basic\n client/server mode to interleaved symmetric mode (bsc#977461).\n * CVE-2016-1549: Sybil vulnerability: ephemeral association attack\n (bsc#977451).\n * CVE-2016-1550: Improve security against buffer comparison timing\n attacks (bsc#977464).\n * CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y\n * CVE-2016-2516: Duplicate IPs on unconfig directives could have\n caused an assertion botch in ntpd (bsc#977452).\n * CVE-2016-2517: Remote configuration trustedkey/\n requestkey/controlkey values are not properly validated (bsc#977455).\n * CVE-2016-2518: Crafted addpeer with hmode &gt; 7 causes array\n wraparound with MATCH_ASSOC (bsc#977457).\n * CVE-2016-2519: ctl_getitem() return value not always checked\n (bsc#977458).\n * CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).\n * CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n * CVE-2015-7979: Off-path Denial of Service (DoS) attack on\n authenticated broadcast mode (bsc#962784).\n * CVE-2015-7978: Stack exhaustion in recursive traversal of\n restriction list (bsc#963000).\n * CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n * CVE-2015-7976: ntpq saveconfig command allowed dangerous characters\n in filenames (bsc#962802).\n * CVE-2015-7975: nextvar() missing length check (bsc#962988).\n * CVE-2015-7974: NTP did not verify peer associations of symmetric\n keys when authenticating packets, which might have allowed remote\n attackers to conduct impersonation attacks via an arbitrary trusted\n key, aka a &quot;skeleton&quot; key (bsc#962960).\n * CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n * CVE-2015-5300: MITM attacker can force ntpd to make a step larger\n than the panic threshold (bsc#951629).\n * CVE-2015-5194: Crash with crafted logconfig configuration command\n (bsc#943218).\n * CVE-2015-7871: NAK to the Future: Symmetric association\n authentication bypass via crypto-NAK (bsc#952611).\n * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#952611).\n * CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#952611).\n * CVE-2015-7853: Invalid length data provided by a custom refclock\n driver could cause a buffer overflow (bsc#952611).\n * CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#952611).\n * CVE-2015-7851: saveconfig Directory Traversal Vulnerability\n (bsc#952611).\n * CVE-2015-7850: Clients that receive a KoD now validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).\n * CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).\n * CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).\n * CVE-2015-7703: Configuration directives &quot;pidfile&quot; and &quot;driftfile&quot;\n should only be allowed locally (bsc#943221).\n * CVE-2015-7704: Clients that receive a KoD should validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7705: Clients that receive a KoD should validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7691: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-7692: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-7702: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-1798: The symmetric-key feature in the receive function in\n ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC\n field has a nonzero length, which made it easier for\n man-in-the-middle attackers to spoof packets by omitting the MAC\n (bsc#924202).\n * CVE-2015-1799: The symmetric-key feature in the receive function in\n ntp_proto.c in ntpd in NTP performed state-variable updates upon\n receiving certain invalid packets, which made it easier for\n man-in-the-middle attackers to cause a denial of service\n (synchronization loss) by spoofing the source IP address of a peer\n (bsc#924202).\n\n These non-security issues were fixed:\n\n * Keep the parent process alive until the daemon has finished\n initialisation, to make sure that the PID file exists when the\n parent returns.\n * bsc#979302: Change the process name of the forking DNS worker\n process to avoid the impression that ntpd is started twice.\n * bsc#981422: Don't ignore SIGCHILD because it breaks wait().\n * Separate the creation of ntp.keys and key #1 in it to avoid problems\n when upgrading installations that have the file, but no key #1,\n which is needed e.g. by &quot;rcntp addserver&quot;.\n * bsc#957226: Restrict the parser in the startup script to the first\n occurrance of &quot;keys&quot; and &quot;controlkey&quot; in ntp.conf.\n * Enable compile-time support for MS-SNTP (--enable-ntp-signd)\n * bsc#975496: Fix ntp-sntp-dst.patch.\n * bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path,\n which caused the synchronization to fail.\n * bsc#782060: Speedup ntpq.\n * bsc#951559: Fix the TZ offset output of sntp during DST.\n * bsc#916617: Add /var/db/ntp-kod.\n * bsc#951351: Add ntp-ENOBUFS.patch to limit a warning that might\n happen quite a lot on loaded systems.\n * Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n * bnc#784760: Remove local clock from default configuration.\n * Fix incomplete backporting of &quot;rcntp ntptimemset&quot;.\n * bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n * Don't let &quot;keysdir&quot; lines in ntp.conf trigger the &quot;keys&quot; parser.\n * bsc#910063: Fix the comment regarding addserver in ntp.conf.\n * bsc#944300: Remove &quot;kod&quot; from the restrict line in ntp.conf.\n * bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n * bsc#926510: Re-add chroot support, but mark it as deprecated and\n disable it by default.\n * bsc#920895: Drop support for running chrooted, because it is an\n ongoing source of problems and not really needed anymore, given that\n ntp now drops privileges and runs under apparmor.\n * bsc#920183: Allow -4 and -6 address qualifiers in &quot;server&quot;\n directives.\n * Use upstream ntp-wait, because our version is incompatible with the\n new ntpq command line syntax.\n * bsc#920905: Adjust Util.pm to the Perl version on SLE11.\n * bsc#920238: Enable ntpdc for backwards compatibility.\n * bsc#920893: Don't use %exclude.\n * bsc#988417: Default to NTPD_FORCE_SYNC_ON_STARTUP=&quot;yes&quot;\n * bsc#988565: Ignore errors when removing extra files during\n uninstallation\n * bsc#988558: Don't blindly guess the value to use for IP_TOS\n\n Security Issues:\n\n * CVE-2016-4953\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953</a>&gt;\n * CVE-2016-4954\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954</a>&gt;\n * CVE-2016-4955\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955</a>&gt;\n * CVE-2016-4956\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956</a>&gt;\n * CVE-2016-4957\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957</a>&gt;\n * CVE-2016-1547\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547</a>&gt;\n * CVE-2016-1548\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548</a>&gt;\n * CVE-2016-1549\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549</a>&gt;\n * CVE-2016-1550\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550</a>&gt;\n * CVE-2016-1551\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551</a>&gt;\n * CVE-2016-2516\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516</a>&gt;\n * CVE-2016-2517\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517</a>&gt;\n * CVE-2016-2518\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518</a>&gt;\n * CVE-2016-2519\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519</a>&gt;\n * CVE-2015-8158\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158</a>&gt;\n * CVE-2015-8138\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138</a>&gt;\n * CVE-2015-7979\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979</a>&gt;\n * CVE-2015-7978\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978</a>&gt;\n * CVE-2015-7977\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977</a>&gt;\n * CVE-2015-7976\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976</a>&gt;\n * CVE-2015-7975\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975</a>&gt;\n * CVE-2015-7974\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974</a>&gt;\n * CVE-2015-7973\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973</a>&gt;\n * CVE-2015-5300\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300</a>&gt;\n * CVE-2015-5194\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194</a>&gt;\n * CVE-2015-7871\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871</a>&gt;\n * CVE-2015-7855\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855</a>&gt;\n * CVE-2015-7854\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854</a>&gt;\n * CVE-2015-7853\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853</a>&gt;\n * CVE-2015-7852\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852</a>&gt;\n * CVE-2015-7851\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851</a>&gt;\n * CVE-2015-7850\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850</a>&gt;\n * CVE-2015-7849\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849</a>&gt;\n * CVE-2015-7848\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848</a>&gt;\n * CVE-2015-7701\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701</a>&gt;\n * CVE-2015-7703\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703</a>&gt;\n * CVE-2015-7704\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704</a>&gt;\n * CVE-2015-7705\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705</a>&gt;\n * CVE-2015-7691\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691</a>&gt;\n * CVE-2015-7692\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692</a>&gt;\n * CVE-2015-7702\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702</a>&gt;\n * CVE-2015-1798\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798</a>&gt;\n * CVE-2015-1799\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>&gt;\n\n\n", "modified": "2016-07-29T19:08:48", "published": "2016-07-29T19:08:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html", "id": "SUSE-SU-2016:1912-1", "title": "Security update for ntp (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "description": "The YaST2 NTP Client was updated to handle the presence of both xntp and\n ntp packages.\n\n If none are installed, &quot;ntp&quot; will be installed.\n\n Security Issues:\n\n * CVE-2016-4953\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953</a>&gt;\n * CVE-2016-4954\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954</a>&gt;\n * CVE-2016-4955\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955</a>&gt;\n * CVE-2016-4956\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956</a>&gt;\n * CVE-2016-4957\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957</a>&gt;\n * CVE-2016-1547\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547</a>&gt;\n * CVE-2016-1548\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548</a>&gt;\n * CVE-2016-1549\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549</a>&gt;\n * CVE-2016-1550\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550</a>&gt;\n * CVE-2016-1551\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551</a>&gt;\n * CVE-2016-2516\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516</a>&gt;\n * CVE-2016-2517\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517</a>&gt;\n * CVE-2016-2518\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518</a>&gt;\n * CVE-2016-2519\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519</a>&gt;\n * CVE-2015-8158\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158</a>&gt;\n * CVE-2015-8138\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138</a>&gt;\n * CVE-2015-7979\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979</a>&gt;\n * CVE-2015-7978\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978</a>&gt;\n * CVE-2015-7977\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977</a>&gt;\n * CVE-2015-7976\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976</a>&gt;\n * CVE-2015-7975\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975</a>&gt;\n * CVE-2015-7974\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974</a>&gt;\n * CVE-2015-7973\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973</a>&gt;\n * CVE-2015-5300\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300</a>&gt;\n * CVE-2015-5194\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194</a>&gt;\n * CVE-2015-7871\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871</a>&gt;\n * CVE-2015-7855\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855</a>&gt;\n * CVE-2015-7854\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854</a>&gt;\n * CVE-2015-7853\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853</a>&gt;\n * CVE-2015-7852\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852</a>&gt;\n * CVE-2015-7851\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851</a>&gt;\n * CVE-2015-7850\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850</a>&gt;\n * CVE-2015-7849\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849</a>&gt;\n * CVE-2015-7848\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848</a>&gt;\n * CVE-2015-7701\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701</a>&gt;\n * CVE-2015-7703\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703</a>&gt;\n * CVE-2015-7704\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704</a>&gt;\n * CVE-2015-7705\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705</a>&gt;\n * CVE-2015-7691\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691</a>&gt;\n * CVE-2015-7692\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692</a>&gt;\n * CVE-2015-7702\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702</a>&gt;\n * CVE-2015-1798\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798</a>&gt;\n * CVE-2015-1799\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>&gt;\n\n\n", "modified": "2016-08-17T21:08:25", "published": "2016-08-17T21:08:25", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html", "id": "SUSE-SU-2016:2094-1", "type": "suse", "title": "Security update for yast2-ntp-client (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:2231\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat.\n\nBug fixes:\n\n* The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. (BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected.\n(BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). With this update, ntpd no longer checks the\nsource port number, and clients behind NAT are now able to correctly\nsynchronize with the server. (BZ#1171640)\n\nEnhancements:\n\n* This update adds support for configurable Differentiated Services Code\nPoints (DSCP) in NTP packets, simplifying configuration in large networks\nwhere different NTP implementations or versions are using different DSCP\nvalues. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). Use the \"stepback\"\nand \"stepfwd\" options to configure each threshold. (BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source to\nsynchronize the system clock, the accuracy of the synchronization was\nlimited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002507.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\nsntp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2231.html", "modified": "2015-11-30T19:45:44", "published": "2015-11-30T19:45:44", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002507.html", "id": "CESA-2015:2231", "title": "ntp, ntpdate, sntp security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1459\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith another referenced time source.\n\nIt was found that because NTP's access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send malicious\ncontrol and configuration packets by spoofing ::1 addresses.\n(CVE-2014-9298)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat.\n\nBug fixes:\n\n* The ntpd daemon truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. The maximum length of keys has now\nbeen changed to 32 bytes. (BZ#1053551)\n\n* The ntp-keygen utility used the exponent of 3 when generating RSA keys,\nand generating RSA keys failed when FIPS mode was enabled. ntp-keygen has\nbeen modified to use the exponent of 65537, and generating keys in FIPS\nmode now works as expected. (BZ#1184421)\n\n* The ntpd daemon included a root delay when calculating its root\ndispersion. Consequently, the NTP server reported larger root dispersion\nthan it should have and clients could reject the source when its distance\nreached the maximum synchronization distance (1.5 seconds by default).\nCalculation of root dispersion has been fixed, the root dispersion is now\nreported correctly, and clients no longer reject the server due to a large\nsynchronization distance. (BZ#1045376)\n\n* The ntpd daemon dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). Clients behind Network Address Translation\n(NAT) were unable to synchronize with the server if their source port was\ntranslated to ports below 123. With this update, ntpd no longer checks the\nsource port number. (BZ#1171630)\n\nEnhancements:\n\n* This update introduces configurable access of memory segments used for\nShared Memory Driver (SHM) reference clocks. Previously, only the first two\nmemory segments were created with owner-only access, allowing just two SHM\nreference clocks to be used securely on a system. Now, the owner-only\naccess to SHM is configurable with the \"mode\" option, and it is therefore\npossible to use more SHM reference clocks securely. (BZ#1122015)\n\n* Support for nanosecond resolution has been added to the SHM reference\nclock. Prior to this update, when a Precision Time Protocol (PTP) hardware\nclock was used as a time source to synchronize the system clock (for\nexample, with the timemaster service from the linuxptp package), the\naccuracy of the synchronization was limited due to the microsecond\nresolution of the SHM protocol. The nanosecond extension in the SHM\nprotocol now enables sub-microsecond synchronization of the system clock.\n(BZ#1117704)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/002074.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1459.html", "modified": "2015-07-26T14:13:05", "published": "2015-07-26T14:13:05", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/002074.html", "id": "CESA-2015:1459", "title": "ntp, ntpdate security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ics": [{"lastseen": "2018-08-31T01:37:32", "bulletinFamily": "info", "description": "### **CVSS v3 10.0**\n\n**ATTENTION: **Remotely exploitable/low skill level to exploit.\n\n**Vendor:** Rockwell Automation\n\n**Equipment:** Stratix 5900\n\n**Vulnerabilities:** Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal_._\n\n## REPOSTED INFORMATION\n\nThis advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\nRockwell Automation reports that these vulnerabilities affect the following Stratix 5900 Services Routers:\n\n * Stratix 5900, All Versions prior to 15.6.3.\n\n## IMPACT\n\nAn attacker who exploits these vulnerabilities may be able to perform man-in-the-middle attacks, create denial of service conditions, or remotely execute arbitrary code.\n\n## MITIGATION\n\nRockwell Automation has provided a new firmware version, Version 15.6.3, to mitigate these vulnerabilities.\n\nRockwell Automation encourages users of the affected versions to update to the latest available software versions addressing the associated risk, and including improvements to further harden the software and enhance its resilience against similar malicious attacks. Users can find the latest firmware version by searching for their device at the following web site:\n\n<http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15>\n\nAdditional precautions and risk mitigation strategies specific to these types of attacks are recommended in the Rockwell Automation security release. When possible, multiple strategies should be implemented simultaneously.\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041191>\n\nPlease also refer to Cisco\u2019s security advisories (linked below) for additional workarounds and details for these vulnerabilities.\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## VULNERABILITY OVERVIEW\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n[Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns>).\n\n[CVE-2016-6380](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6380>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados>).\n\n[CVE-2016-6393](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6380>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323>).\n\n[CVE-2016-6384](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6384>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1>).\n\n[CVE-2016-6381](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6381>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp>).\n\n[CVE-2016-6382](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6382>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**INFORMATION EXPOSURE CWE-200**](<https://cwe.mitre.org/data/definitions/200.html>)\n\n[IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1>).\n\n[CVE-2016-6415](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6415>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N>)).\n\n## [**INPUT VALIDATION CWE-20 **](<https://cwe.mitre.org/data/definitions/20.html>)\n\n[Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6>).\n\n[CVE-2016-1409](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1409>) has been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip>).\n\n[CVE-2016-1350](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1350>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2>).\n\n[CVE-2016-1344](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1344>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**INTEGER OVERFLOW OR WRAPAROUND CWE 190**](<https://cwe.mitre.org/data/definitions/190.html>)\n\n## [**IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119**](<https://cwe.mitre.org/data/definitions/119.html>)\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n## [**PATH TRAVERSAL CWE-22**](<https://cwe.mitre.org/data/definitions/22.html>)\n\n## [**PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264**](<https://cwe.mitre.org/data/definitions/264.html>)\n\n## [**IMPROPER AUTHENTICATION CWE-287**](<https://cwe.mitre.org/data/definitions/287.html>)\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp>).\n\n[CVE-2015-7691](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7691>), [CVE-2015-7692](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7692>), [CVE-2015-7701](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7701>), [CVE-2015-7702](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7702>), [CVE-2015-7703](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7703>), [CVE-2015-7704](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7704>), [CVE-2015-7705](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7705>), [CVE-2015-7848](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7848>), [CVE-2015-7849](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7849>), [CVE-2015-7850](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7850>), [CVE-2015-7851](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7851>), [CVE-2015-7852](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7852>), [CVE-2015-7853](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7853>), [CVE-2015-7854](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7854>), [CVE-2015-7855](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7855>), and [CVE-2015-7871](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7871>) have been assigned to these vulnerabilities. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L>)).\n\n## [**IMPROPER AUTHENTICATION CWE-287**](<https://cwe.mitre.org/data/definitions/287.html>)\n\n[Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd>).\n\n[CVE-2015-1798](<https://nvd.nist.gov/vuln/detail/CVE-2015-1798>) and [CVE-2015-1799](<https://nvd.nist.gov/vuln/detail/CVE-2015-1799>) have been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N>)).\n\n## [**INPUT VALIDATION CWE 20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2>).\n\n[CVE-2015-0642](<https://nvd.nist.gov/vuln/detail/CVE-2015-0642>) and [CVE-2015-0643](<https://nvd.nist.gov/vuln/detail/CVE-2015-0643>) have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak>).\n\n[CVE-2015-0646](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0646>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119**](<https://cwe.mitre.org/data/definitions/119.html>)\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n## [**CRYPTOGRAPHIC ISSUES CWE 310**](<https://cwe.mitre.org/data/definitions/310.html>)\n\n[Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl>).\n\n[CVE-2015-0207](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0207>), [CVE-2015-0209](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0209>), [CVE-2015-0285](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0285>), [CVE-2015-0287](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0287>), [CVE-2015-0288](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0288>), [CVE-2015-0289](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0289>), [CVE-2015-0290](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0290>), [CVE-2015-0291](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0291>), [CVE-2015-0292](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0292>), [CVE-2015-0293](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0293>), and [CVE-2015-1787](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1787>) have been assigned to these vulnerabilities. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N>)).\n\n## [**CRYPTOGRAPHIC ISSUES CWE 310**](<https://cwe.mitre.org/data/definitions/310.html>)\n\n[SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle>).\n\n[CVE-2014-3566](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>) has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6>).\n\n[CVE-2014-3359](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3359>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software Metadata Vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata>).\n\n[CVE-2014-3355](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3355>) and [CVE-2014-3356](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3356>) have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n[Cisco IOS Software Network Address Translation Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat>).\n\n[CVE-2014-3361](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3361>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software RSVP Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp>).\n\n[CVE-2014-3354](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3354>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**NUMERIC ERRORS CWE 189**](<https://cwe.mitre.org/data/definitions/189.html>)\n\n[Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip>).\n\n[CVE-2014-3360](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3360>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software IPsec Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140625-CVE-2014-3299>).\n\n[CVE-2014-3299](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3299>) has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**CRYPTOGRAPHIC ISSUES CWE-310**](<https://cwe.mitre.org/data/definitions/310.html>)\n\n## [**RACE CONDITION CWE-362**](<https://cwe.mitre.org/data/definitions/362.html>)\n\n## [**IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119**](<https://cwe.mitre.org/data/definitions/119.html>)\n\n## [**RESOURCE MANAGEMENT ERRORS CWE-399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n## [**NULL POINTER DEREFERENCE CWE-476**](<https://cwe.mitre.org/data/definitions/476.html>)\n\n[Multiple Vulnerabilities in OpenSSL Affecting Cisco Products](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl>).\n\n[CVE-2010-5298](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298>), [CVE-2014-0076](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076>), [CVE-2014-0195](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195>), [CVE-2014-0198](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198>), [CVE-2014-0221](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0221>), [CVE-2014-0224](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224>), and [CVE-2014-3470](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470>) have been assigned to these vulnerabilities. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H>)).\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n[Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6>).\n\n[CVE-2014-2113](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2113>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2>).\n\n[CVE-2014-2108](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2108>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software Network Address Translation Vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat>).\n\n[CVE-2014-2109](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2109>) and [CVE-2014-2111](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2111>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**IMPROPER INPUT VALIDATION CWE-20**](<https://cwe.mitre.org/data/definitions/20.html>)\n\n[Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip>).\n\n[CVE-2014-2106](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2106>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## [**RESOURCE MANAGEMENT ERRORS CWE 399**](<https://cwe.mitre.org/data/definitions/399.html>)\n\n[Cisco IOS Software SSL VPN Denial of Service Vulnerability](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn>).\n\n[CVE-2014-2112](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2112>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n## RESEARCHER\n\nCisco Systems, Inc. reported these vulnerabilities to Rockwell Automation.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n\n**Area Deployed:** Worldwide\n\n**Company Headquarters Location: **United States\n", "modified": "2017-05-10T00:00:00", "published": "2017-05-09T00:00:00", "id": "ICSA-17-094-04", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-094-04", "title": "Rockwell Automation Stratix 5900", "type": "ics", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}]}