#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-852:03.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata branch: when `description` is set, the script only registers its
# identifiers, advisory text, scoring and prerequisites, then exits at the end
# of the block without testing any package.
if (description)
{
script_id(289627);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");
# CVE ids attached to the plugin. The advisory text further down also names
# CVE-2014-9297 and CVE-2014-9298, which it marks as REJECT in favour of
# CVE-2014-9750 / CVE-2014-9751; those two rejected ids are not listed here.
script_cve_id(
"CVE-2014-9750",
"CVE-2014-9751",
"CVE-2015-1798",
"CVE-2015-1799",
"CVE-2015-3405"
);
script_name(english:"MiracleLinux 7 : ntp-4.2.6p5-22.0.1.el7.AXS7 (AXSA:2015-852:03)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
# Advisory text. Its closing sentences state that it was extracted from the
# vendor advisory and that the result rests on the self-reported package
# version only. It is a runtime string and is kept verbatim.
# NOTE(review): the text expands SHM as "Structural Health Monitoring"; the
# ntpd SHM reference clock is normally the shared-memory driver - presumably a
# wording error in the upstream advisory, confirm before quoting it.
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2015-852:03 advisory.
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.
Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.
Security issues fixed with this release:
CVE-2014-9297
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750,
CVE-2014-9751. Reason: this ID was intended for one issue, but was
associated with two issues. Notes: All CVE users should consult
CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest.
All references and descriptions in this candidate have been removed to
prevent accidental usage.
CVE-2014-9298
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750,
CVE-2014-9751. Reason: this ID was intended for one issue, but was
associated with two issues. Notes: All CVE users should consult
CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest.
All references and descriptions in this candidate have been removed to
prevent accidental usage.
CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey
Authentication is enabled, allows remote attackers to obtain sensitive
information from process memory or cause a denial of service (daemon
crash) via a packet containing an extension field with an invalid
value for the length of its value field.
CVE-2014-9751
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before
4.2.8p1 on Linux and OS X does not properly determine whether a source
IP address is an IPv6 loopback address, which makes it easier for
remote attackers to spoof restricted packets, and read or write to the
runtime state, by leveraging the ability to reach the ntpd machine's
network interface with a packet from the ::1 address.
CVE-2015-1798
The symmetric-key feature in the receive function in ntp_proto.c in
ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC
field has a nonzero length, which makes it easier for
man-in-the-middle attackers to spoof packets by omitting the MAC.
CVE-2015-1799
The symmetric-key feature in the receive function in ntp_proto.c in
ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates
upon receiving certain invalid packets, which makes it easier for
man-in-the-middle attackers to cause a denial of service
(synchronization loss) by spoofing the source IP address of a peer.
CVE-2015-3405
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Fixed bugs:
* The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it
was impossible to configure NTP authentication to work with peers that use longer keys. With this update,
the maximum key length has been changed to 32 bytes.
* The ntpd service could previously join multicast groups only when starting, which caused problems if
ntpd was started during system boot before network was configured. With this update, ntpd attempts to join
multicast groups every time network configuration is changed.
* Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. Consequently,
generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to
use the exponent of 65537, and generating keys in FIPS mode now works as expected.
* The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port).
With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to
correctly synchronize with the server.
Enhancements:
* This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets,
simplifying configuration in large networks where different NTP implementations or versions are using
different DSCP values.
* This update adds the ability to configure separate clock stepping thresholds for each direction
(backward and forward). Use the stepback and stepfwd options to configure each threshold.
* Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference
clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source
to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond
resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond
synchronization of the system clock.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/6240");
script_set_attribute(attribute:"solution", value:
"Update the affected ntp and / or ntpdate packages.");
# Scoring. The two *_score_source attributes below name CVE-2014-9751 as the
# source of the CVSS v2 vector and CVE-2015-3405 as the source of the v3 vector.
# NOTE(review): the advisory text above still shows CVE-2015-3405 as RESERVED,
# so the v3 vector (confidentiality impact only) cannot be checked against any
# description in this file - verify it against the current CVE record before
# using it for prioritisation.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9751");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-3405");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/04");
script_set_attribute(attribute:"patch_publication_date", value:"2015/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
# Declared as a "local" plugin: it works from package data collected on the
# host (see the required KB keys below), not from probing the NTP service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:ntp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:ntpdate");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: ssh_get_info.nasl is declared as a dependency, and the KB keys
# for enabled local checks, the MiracleLinux release, the RPM list and the CPU
# architecture are declared as required.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
# Pre-flight gates. Each one reads a KB item collected earlier in the scan and
# hands a specific audit code to audit() when the host is out of scope, so a
# skipped host is distinguishable from a host that was actually checked.

# Gate 1: local (credentialed) checks must have been enabled for this host.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the detected OS product must contain 'MIRACLE LINUX'.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product)
{
  audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
}

# Gate 3: the OS version must be known and must be 7 or 7.<something>; the
# pattern rejects versions that merely start with the digit 7, such as 70.
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
}
if (! preg(pattern:"^7([^0-9]|$)", string:os_version))
{
  audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);
}

# Gate 4: without the collected RPM list there is nothing to compare against.
if (!get_kb_item('Host/MiracleLinux/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: the CPU architecture must be known and be one of the accepted families.
# NOTE(review): the package table that follows in this file lists x86_64 builds
# only, so a host passing this gate on another architecture presumably ends
# without a finding - confirm against rpm_check in rpm2.inc before reading such
# a result as "patched".
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (
  'aarch64' >!< cpu &&
  'ppc' >!< cpu &&
  's390' >!< cpu &&
  'x86_64' >!< cpu &&
  cpu !~ "^i[3-6]86$"
)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
}
# Package table for OS release 7. Each 'reference' is a package build string;
# 'cpu' limits the entry to x86_64, 'rpm_spec_vers_cmp' and 'epoch' are passed
# through to rpm_check() by the loop that consumes this table.
# NOTE(review): presumably 'reference' is the first fixed build, so any older
# installed build is reported - confirm against rpm_check in rpm2.inc.
var constraints = [
  {
    'release': '7',
    'pkgs': [
      {
        'reference': 'ntp-4.2.6p5-22.0.1.el7.AXS7',
        'cpu': 'x86_64',
        'rpm_spec_vers_cmp': TRUE,
        'epoch': '0'
      },
      {
        'reference': 'ntpdate-4.2.6p5-22.0.1.el7.AXS7',
        'cpu': 'x86_64',
        'rpm_spec_vers_cmp': TRUE,
        'epoch': '0'
      }
    ]
  }
];
# Release and minor release of the scanned host, as recorded in the KB.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# Number of package entries for which rpm_check() returned a true value.
var flag = 0;

# Per-package working variables, reset for every table entry in the loop.
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;

foreach var constraint ( constraints )
{
  # A constraint set applies only when its release (and minor release, when
  # one is given) equals the host's; a field left empty places no restriction.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] )
  {
    # Every field starts as NULL and is filled only when the entry carries a
    # non-empty value, so nothing leaks over from the previous entry.
    reference = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];

    sp = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];

    _cpu = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];

    el_string = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];

    rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];

    epoch = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];

    allowmaj = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];

    exists_check = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];

    cves = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];

    # An entry without a reference build cannot be compared.
    if (!reference) continue;

    # When the entry names a prerequisite RPM, that RPM has to be installed
    # before the version comparison is attempted.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;

    # The version comparison itself is delegated to rpm_check(); a true result
    # counts towards the finding.
    if (rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
# Outcome. At least one flagged package produces a single host-level finding
# (port 0) at warning severity, with the text from rpm_report_get() attached.
# The finding rests on the package version comparison alone; nothing in this
# script contacts the NTP service.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing was flagged: report either the packages that were tested, or that
# neither ntp nor ntpdate was found.
var tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ntp / ntpdate');
}