Lucene search
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2018-0290.NASLHistoryDec 21, 2018 - 12:00 a.m.
OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)
2018-12-2100:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37
The remote OracleVM system is missing necessary patches to address critical security updates :
-
add disable monitor to default ntp.conf [CVE-2013-5211]
-
fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)
-
fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)
-
fix buffer overflow in datum refclock driver (CVE-2017-6462)
-
fix crash with invalid unpeer command (CVE-2017-6463)
-
fix potential crash with invalid server command (CVE-2017-6464)
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2018-0290.
#
include("compat.inc");
if (description)
{
script_id(119823);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
script_cve_id("CVE-2013-5211", "CVE-2016-7429", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2018-12327");
script_bugtraq_id(64692);
script_name(english:"OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)");
script_summary(english:"Checks the RPM output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote OracleVM host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :
- add disable monitor to default ntp.conf [CVE-2013-5211]
- fix buffer overflow in parsing of address in ntpq and
ntpdc (CVE-2018-12327)
- fix CVE-2016-7429 patch to work correctly on multicast
client (#1422973)
- fix buffer overflow in datum refclock driver
(CVE-2017-6462)
- fix crash with invalid unpeer command (CVE-2017-6463)
- fix potential crash with invalid server command
(CVE-2017-6464)"
);
# https://oss.oracle.com/pipermail/oraclevm-errata/2018-December/000925.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?0a1122bd"
);
# https://oss.oracle.com/pipermail/oraclevm-errata/2018-December/000924.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?26f22544"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected ntp / ntpdate packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:ntp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:ntpdate");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/02");
script_set_attribute(attribute:"patch_publication_date", value:"2018/12/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/21");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"OracleVM Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"OVS3.3", reference:"ntp-4.2.6p5-15.0.1.el6_10")) flag++;
if (rpm_check(release:"OVS3.3", reference:"ntpdate-4.2.6p5-15.0.1.el6_10")) flag++;
if (rpm_check(release:"OVS3.4", reference:"ntp-4.2.6p5-15.0.1.el6_10")) flag++;
if (rpm_check(release:"OVS3.4", reference:"ntpdate-4.2.6p5-15.0.1.el6_10")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntpdate");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327
www.nessus.org/u?0a1122bd
www.nessus.org/u?26f22544
Related
oraclelinux
oraclelinux
ntp security update
2018-12-19 00:00:00
ntp security, bug fix, and enhancement update
2019-08-13 00:00:00
ntp security, bug fix, and enhancement update
2018-04-16 00:00:00
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Multiple Vulnerabilities (NS-SA-2019-0029)
2019-08-12 00:00:00
Scientific Linux Security Update : ntp on SL7.x x86_64 (20180410)
2018-05-01 00:00:00
CentOS 6 : ntp (CESA-2017:3071)
2017-10-30 00:00:00
redhat
redhat
(RHSA-2018:0855) Moderate: ntp security, bug fix, and enhancement update
2018-04-10 05:02:34
(RHSA-2017:3071) Moderate: ntp security update
2017-10-26 06:19:03
(RHSA-2018:3853) Low: ntp security update
2018-12-19 16:24:08
ibm
ibm
openvas
openvas
RedHat Update for ntp RHSA-2017:3071-01
2017-10-27 00:00:00
CentOS Update for ntp CESA-2017:3071 centos6
2017-10-27 00:00:00
Fedora Update for ntp FEDORA-2017-5ebac1c112
2017-03-29 00:00:00
centos
centos
ntp, ntpdate, sntp security update
2018-04-26 17:47:34
ntp, ntpdate security update
2017-10-26 11:47:10
ntp, ntpdate, sntp security update
2019-08-30 03:44:39
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities of ntp
2017-04-12 00:00:00
ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:03.ntp
2017-04-12 00:00:00
FreeBSD-SA-14:02.ntpd
2014-01-14 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-44.fc24
2017-04-18 16:49:59
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-44.fc25
2017-03-29 01:35:03
[SECURITY] Fedora 26 Update: ntp-4.2.8p10-1.fc26
2017-04-01 18:10:49
mageia
mageia
Updated ntp packages fix security vulnerability
2017-05-09 09:35:29
Updated ntp packages fix security vulnerability
2018-09-13 23:38:07
Updated ntp packages work around security vulnerability
2014-01-31 20:44:56
amazon
amazon
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:44
Denial Of Service (DoS)
2019-01-15 09:27:06
Denial Of Service (DoS)
2019-05-02 06:37:19
prion
prion
Code injection
2017-01-13 16:59:00
Stack overflow
2018-06-20 14:29:00
Security feature bypass
2014-01-02 14:59:00
ubuntucve
ubuntucve
ubuntu
ubuntu
NTP vulnerability
2020-01-09 00:00:00
NTP vulnerability
2021-03-15 00:00:00
redhatcve
redhatcve
cve
cve
debiancve
debiancve
securityvulns
securityvulns
ntp traffic amplification
2014-01-14 00:00:00
[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)
2014-01-14 00:00:00
TA14-013A: NTP Amplification Attacks Using CVE-2013-5211
2014-01-14 00:00:00
suse
suse
DDoS reflection attacks in ntp
2014-01-20 17:05:38
zdt
zdt
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-29 00:00:00
ntp 4.2.8p11 - Local Buffer Overflow (PoC) Vulnerability
2018-06-20 00:00:00
checkpoint_advisories
checkpoint_advisories
NTP Servers Monlist Command Denial of Service (CVE-2013-5211)
2014-01-19 00:00:00
cert
cert
NTP can be abused to amplify denial-of-service attack traffic
2014-01-10 00:00:00
threatpost
threatpost
Volume of NTP Amplification Attacks Getting Louder
2014-04-29 13:03:29
NTP Amplification Blamed for 400 Gbps DDoS Attack
2014-02-11 12:21:35
PointDNS Recovers from Massive DDoS Attack
2014-05-12 15:35:26
packetstorm
packetstorm
ntp 4.2.8p11 Local Buffer Overflow
2018-06-21 00:00:00
NTP Amplification Denial Of Service Tool
2014-07-16 00:00:00
exploitpack
exploitpack
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
2018-06-20 00:00:00
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
f5
f5
SOL15154 - NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
K42332834 : NTP vulnerability CVE-2018-12327
2018-09-28 00:00:00
K15154 : NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
osv
osv
ntp vulnerability
2021-03-15 22:24:29
slackware
slackware
ntp
2014-02-13 16:38:35
archlinux
archlinux
[ASA-201810-2] ntp: arbitrary code execution
2018-10-01 00:00:00
checkpoint_security
checkpoint_security
Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)
2014-03-01 22:00:00
fortinet
fortinet
FortiAnalyzer could potentially be used in NTP amplification attacks
2020-06-22 00:00:00
metasploit
metasploit
NTP Monitor List Scanner
2010-01-27 23:25:17
thn
thn
gentoo
gentoo
NTP: Traffic amplification
2014-01-16 00:00:00
ics
ics
NTP Reflection Attack
2018-09-06 12:00:00
Related for ORACLEVM_OVMSA-2018-0290.NASL