ID: SUSE_SU-2017-1047-1.NASL
Type: nessus
Reporter: This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2017-04-19T00:00:00
Description
This ntp update to version 4.2.8p10 fixes several issues. This
update enables leap smearing. See
/usr/share/doc/packages/ntp/README.leapsmear for details.

Security issues fixed (bsc#1030050):
- CVE-2017-6464: Denial of Service via Malformed Config
- CVE-2017-6462: Buffer Overflow in DPTS Clock
- CVE-2017-6463: Authenticated DoS via Malicious Config Option
- CVE-2017-6458: Potential Overflows in ctl_put() functions
- CVE-2017-6451: Improper use of snprintf() in mx4200_send()
- CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist
- CVE-2016-9042: 0rigin (zero origin) DoS.
- ntpq_stripquotes() returns incorrect Value
- ereallocarray()/eallocarray() underused
- Copious amounts of Unused Code
- Off-by-one in Oncore GPS Receiver
- Makefile does not enforce Security Flags

Bugfixes:
- Remove spurious log messages (bsc#1014172).
- clang scan-build findings
- Support for openssl-1.1.0 without compatibility modes
- Bugfix 3072 breaks multicastclient
- forking async worker: interrupted pipe I/O
- (...) time_pps_create: Exec format error
- Incorrect Logic for Peer Event Limiting
- Change the process name of forked DNS worker
- Trap Configuration Fail
- Nothing happens if minsane
- allow -4/-6 on restrict line with mask
- out-of-bound pointers in ctl_putsys and decode_bitflags
- Move ntp-kod to /var/lib/ntp, because /var/db is not a
  standard directory and causes problems for transactional
  updates.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:1047-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(99467);
  script_version("3.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2016-9042", "CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6460", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464");

  script_name(english:"SUSE SLES12 Security Update : ntp (SUSE-SU-2017:1047-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This ntp update to version 4.2.8p10 fixes serveral issues. This
updated enables leap smearing. See
/usr/share/doc/packages/ntp/README.leapsmear for details. Security
issues fixed (bsc#1030050) :
- CVE-2017-6464: Denial of Service via Malformed Config
- CVE-2017-6462: Buffer Overflow in DPTS Clock
- CVE-2017-6463: Authenticated DoS via Malicious Config
Option
- CVE-2017-6458: Potential Overflows in ctl_put()
functions
- CVE-2017-6451: Improper use of snprintf() in
mx4200_send()
- CVE-2017-6460: Buffer Overflow in ntpq when fetching
reslist
- CVE-2016-9042: 0rigin (zero origin) DoS.
- ntpq_stripquotes() returns incorrect Value
- ereallocarray()/eallocarray() underused
- Copious amounts of Unused Code
- Off-by-one in Oncore GPS Receiver
- Makefile does not enforce Security Flags Bugfixes :
- Remove spurious log messages (bsc#1014172).
- clang scan-build findings
- Support for openssl-1.1.0 without compatibility modes
- Bugfix 3072 breaks multicastclient
- forking async worker: interrupted pipe I/O
- (...) time_pps_create: Exec format error
- Incorrect Logic for Peer Event Limiting
- Change the process name of forked DNS worker
- Trap Configuration Fail
- Nothing happens if minsane
- allow -4/-6 on restrict line with mask
- out-of-bound pointers in ctl_putsys and decode_bitflags
- Move ntp-kod to /var/lib/ntp, because /var/db is not a
standard directory and causes problems for transactional
updates.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1014172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1030050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9042/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6451/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6458/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6460/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6462/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6463/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6464/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ad1585a6"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
SUSE-SLE-SAP-12-2017-612=1
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2017-612=1
To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Require credentialed (local) checks and a SUSE Linux Enterprise release string.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
# This advisory applies to SLES12 only.
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

# The installed RPM list must have been collected from the host.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Package checks are implemented for i386-i686, x86_64 and s390x only.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

# A missing patchlevel is treated as SP0; any other service pack is out of scope.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);

# Compare each ntp package against the fixed build 4.2.8p10-46.23.1.
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-4.2.8p10-46.23.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-debuginfo-4.2.8p10-46.23.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-debugsource-4.2.8p10-46.23.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"ntp-doc-4.2.8p10-46.23.1")) flag++;

if (flag)
{
  # At least one package check matched: report a warning-level finding.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing matched: audit as not affected if packages were tested, else as not installed.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
}
{"id": "SUSE_SU-2017-1047-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : ntp (SUSE-SU-2017:1047-1)", "description": "This ntp update to version 4.2.8p10 fixes serveral issues. This\nupdated enables leap smearing. See\n/usr/share/doc/packages/ntp/README.leapsmear for details. Security\nissues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags Bugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane \n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2017-04-19T00:00:00", "modified": "2017-04-19T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/99467", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1014172", "https://www.suse.com/security/cve/CVE-2017-6463/", "https://www.suse.com/security/cve/CVE-2017-6462/", "https://www.suse.com/security/cve/CVE-2016-9042/", "https://www.suse.com/security/cve/CVE-2017-6458/", "https://www.suse.com/security/cve/CVE-2017-6460/", "https://www.suse.com/security/cve/CVE-2017-6451/", "https://bugzilla.suse.com/show_bug.cgi?id=1030050", "https://www.suse.com/security/cve/CVE-2017-6464/", "http://www.nessus.org/u?ad1585a6"], "cvelist": ["CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "type": "nessus", "lastseen": "2021-01-07T14:25:40", "edition": 33, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["NTP_4_2_8P10.NASL", "FREEBSD_PKG_3C0237F5420E11E782C514DAE9D210B8.NASL", "OPENSUSE-2017-511.NASL", "ALA_ALAS-2017-816.NASL", "SUSE_SU-2017-1048-1.NASL", "FEDORA_2017-5EBAC1C112.NASL", "FEDORA_2017-20D54B2782.NASL", "FEDORA_2017-72323A442F.NASL", "SLACKWARE_SSA_2017-112-02.NASL", "SUSE_SU-2017-1052-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:C73F2604D4D2", "FEDORA:B1E3A608B7EA", "FEDORA:67E46607601A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220171125", "OPENVAS:1361412562310811790", "OPENVAS:1361412562310872584", "OPENVAS:1361412562311220171124", "OPENVAS:1361412562310812055", "OPENVAS:1361412562310843238", "OPENVAS:1361412562310872533", "OPENVAS:1361412562310106996", "OPENVAS:1361412562310882794", "OPENVAS:1361412562310810678"]}, 
{"type": "amazon", "idList": ["ALAS-2017-816", "ALAS2-2018-1009"]}, {"type": "cve", "idList": ["CVE-2017-6458", "CVE-2017-6464", "CVE-2017-6460", "CVE-2017-6463", "CVE-2017-6462", "CVE-2017-6451", "CVE-2016-9042"]}, {"type": "slackware", "idList": ["SSA-2017-112-02"]}, {"type": "freebsd", "idList": ["3C0237F5-420E-11E7-82C5-14DAE9D210B8"]}, {"type": "f5", "idList": ["F5:K39041624", "F5:K99254031", "F5:K07082049", "F5:K32262483", "F5:K96670746", "F5:K02951273", "F5:K31310492"]}, {"type": "aix", "idList": ["NTP_ADVISORY9.ASC"]}, {"type": "symantec", "idList": ["SMNTC-1403"]}, {"type": "centos", "idList": ["CESA-2017:3071", "CESA-2018:0855"]}, {"type": "redhat", "idList": ["RHSA-2018:0855", "RHSA-2017:3071"]}, {"type": "seebug", "idList": ["SSV:96543"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:8722C197C1671303FFCA9E919368B734"]}, {"type": "ubuntu", "idList": ["USN-3349-1", "USN-3707-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0855", "ELSA-2017-3071", "ELSA-2018-3854"]}, {"type": "paloalto", "idList": ["PAN-SA-2017-0022"]}, {"type": "talos", "idList": ["TALOS-2016-0260"]}, {"type": "apple", "idList": ["APPLE:HT208144"]}], "modified": "2021-01-07T14:25:40", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2021-01-07T14:25:40", "rev": 2}, "vulnersScore": 7.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1047-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99467);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n\n script_name(english:\"SUSE SLES12 Security Update : ntp 
(SUSE-SU-2017:1047-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ntp update to version 4.2.8p10 fixes serveral issues. This\nupdated enables leap smearing. See\n/usr/share/doc/packages/ntp/README.leapsmear for details. Security\nissues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags Bugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane \n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6451/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6460/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6462/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad1585a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-612=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-612=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-4.2.8p10-46.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-debuginfo-4.2.8p10-46.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-debugsource-4.2.8p10-46.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ntp-doc-4.2.8p10-46.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "99467", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ntp-doc", "p-cpe:/a:novell:suse_linux:ntp-debugsource", "p-cpe:/a:novell:suse_linux:ntp-debuginfo", "p-cpe:/a:novell:suse_linux:ntp"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}
{"fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9042", "CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6460", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation in HTML format is in the ntp-doc package. ", "modified": "2017-04-01T18:10:49", "published": "2017-04-01T18:10:49", "id": "FEDORA:C73F2604D4D2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: ntp-4.2.8p10-1.fc26", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. 
", "modified": "2017-04-18T16:49:59", "published": "2017-04-18T16:49:59", "id": "FEDORA:67E46607601A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: ntp-4.2.6p5-44.fc24", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. ", "modified": "2017-03-29T01:35:03", "published": "2017-03-29T01:35:03", "id": "FEDORA:B1E3A608B7EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: ntp-4.2.6p5-44.fc25", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:15:26", "description": "Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463\nCVE-2017-6458 CVE-2017-6451 CVE-2017-6460 CVE-2016-9042.\n\n----\n\nThis update improves the default configuration file to use the pool\ndirective. 
It also replaces the ntpstat program with a shell script\nthat uses the ntpq program instead of implementing the mode 6\nprotocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : ntp (2017-20d54b2782)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-20D54B2782.NASL", "href": "https://www.tenable.com/plugins/nessus/101588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-20d54b2782.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101588);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_xref(name:\"FEDORA\", value:\"2017-20d54b2782\");\n\n script_name(english:\"Fedora 26 : ntp (2017-20d54b2782)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463\nCVE-2017-6458 
CVE-2017-6451 CVE-2017-6460 CVE-2016-9042.\n\n----\n\nThis update improves the default configuration file to use the pool\ndirective. It also replaces the ntpstat program with a shell script\nthat uses the ntpq program instead of implementing the mode 6\nprotocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"ntp-4.2.8p10-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:25:40", "description": "This ntp update to version 4.2.8p10 fixes serveral issues. This\nupdated enables leap smearing. See\n/usr/share/doc/packages/ntp/README.leapsmear for details. 
Security\nissues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags Bugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane \n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-19T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-04-19T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ntp-doc", "p-cpe:/a:novell:suse_linux:ntp-debugsource", "p-cpe:/a:novell:suse_linux:ntp-debuginfo", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2017-1048-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1048-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99468);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ntp update to version 4.2.8p10 fixes several issues. This\nupdate enables leap smearing. See\n/usr/share/doc/packages/ntp/README.leapsmear for details. 
Security\nissues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags Bugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane \n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6451/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6460/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6462/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171048-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c858737\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-611=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-611=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-611=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-611=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t 
patch\nSUSE-SLE-DESKTOP-12-SP1-2017-611=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debuginfo-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-debugsource-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ntp-doc-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-debugsource-4.2.8p10-60.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.8p10-60.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:47:28", "description": "This ntp update to version 4.2.8p10 fixes the following issues:\nSecurity issues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags Bugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - Fixing ppc and ppc64 linker issue (bsc#1031085).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane \n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-19T00:00:00", "title": "SUSE SLES11 Security Update : ntp (SUSE-SU-2017:1052-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-04-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ntp-doc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:ntp"], "id": "SUSE_SU-2017-1052-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1052-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99469);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n\n script_name(english:\"SUSE SLES11 Security Update : ntp (SUSE-SU-2017:1052-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ntp update to version 4.2.8p10 fixes the following issues:\nSecurity issues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n 
Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags Bugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - Fixing ppc and ppc64 linker issue (bsc#1031085).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane \n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6451/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6460/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6462/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171052-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dfa73fc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ntp-13066=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ntp-13066=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ntp-4.2.8p10-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ntp-doc-4.2.8p10-63.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:32:36", "description": "This ntp update to version 4.2.8p10 fixes several issues.\n\nThis update enables leap smearing. 
See\n/usr/share/doc/packages/ntp/README.leapsmear for details.\n\nSecurity issues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags\n\nBugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) 
time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane < maxclock < minclock\n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 22, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-27T00:00:00", "title": "openSUSE Security Update : ntp (openSUSE-2017-511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-04-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ntp-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:ntp-debugsource", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:ntp"], "id": "OPENSUSE-2017-511.NASL", "href": "https://www.tenable.com/plugins/nessus/99700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-511.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99700);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n\n script_name(english:\"openSUSE Security Update : ntp (openSUSE-2017-511)\");\n script_summary(english:\"Check for the openSUSE-2017-511 
patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ntp update to version 4.2.8p10 fixes several issues.\n\nThis update enables leap smearing. See\n/usr/share/doc/packages/ntp/README.leapsmear for details.\n\nSecurity issues fixed (bsc#1030050) :\n\n - CVE-2017-6464: Denial of Service via Malformed Config\n\n - CVE-2017-6462: Buffer Overflow in DPTS Clock\n\n - CVE-2017-6463: Authenticated DoS via Malicious Config\n Option\n\n - CVE-2017-6458: Potential Overflows in ctl_put()\n functions\n\n - CVE-2017-6451: Improper use of snprintf() in\n mx4200_send()\n\n - CVE-2017-6460: Buffer Overflow in ntpq when fetching\n reslist\n\n - CVE-2016-9042: 0rigin (zero origin) DoS.\n\n - ntpq_stripquotes() returns incorrect Value\n\n - ereallocarray()/eallocarray() underused\n\n - Copious amounts of Unused Code\n\n - Off-by-one in Oncore GPS Receiver\n\n - Makefile does not enforce Security Flags\n\nBugfixes :\n\n - Remove spurious log messages (bsc#1014172).\n\n - clang scan-build findings\n\n - Support for openssl-1.1.0 without compatibility modes\n\n - Bugfix 3072 breaks multicastclient\n\n - forking async worker: interrupted pipe I/O\n\n - (...) 
time_pps_create: Exec format error\n\n - Incorrect Logic for Peer Event Limiting\n\n - Change the process name of forked DNS worker\n\n - Trap Configuration Fail\n\n - Nothing happens if minsane < maxclock < minclock\n\n - allow -4/-6 on restrict line with mask\n\n - out-of-bound pointers in ctl_putsys and decode_bitflags\n\n - Move ntp-kod to /var/lib/ntp, because /var/db is not a\n standard directory and causes problems for transactional\n updates.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030050\"\n );\n # https://features.opensuse.org/321003\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ntp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ntp-4.2.8p10-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ntp-debuginfo-4.2.8p10-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ntp-debugsource-4.2.8p10-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ntp-4.2.8p10-29.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ntp-debuginfo-4.2.8p10-29.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ntp-debugsource-4.2.8p10-29.3.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-debugsource\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:34", "description": "Security fix for CVE-2017-6464 CVE-2017-6462 
CVE-2017-6463\nCVE-2017-6458 CVE-2017-6451.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-19T00:00:00", "title": "Fedora 24 : ntp (2017-72323a442f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-04-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-72323A442F.NASL", "href": "https://www.tenable.com/plugins/nessus/99445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-72323a442f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99445);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_xref(name:\"FEDORA\", value:\"2017-72323a442f\");\n\n script_name(english:\"Fedora 24 : ntp (2017-72323a442f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463\nCVE-2017-6458 CVE-2017-6451.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has 
attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"ntp-4.2.6p5-44.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:19:33", "description": "Denial of Service via Malformed Config :\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. A remote, authenticated attacker could cause\nntpd to crash by sending a crafted message.(CVE-2017-6464)\n\nPotential Overflows in ctl_put() functions :\n\nA vulnerability was found in NTP, in the building of response packets\nwith custom fields. If custom fields were configured in ntp.conf with\nparticularly long names, inclusion of these fields in the response\npacket could cause a buffer overflow, leading to a crash.\n(CVE-2017-6458)\n\nImproper use of snprintf() in mx4200_send() :\n\nA vulnerability was found in NTP, in the legacy MX4200 refclock\nimplementation. If this refclock was compiled in and used, an attacker\nmay be able to induce stack overflow, leading to a crash or potential\ncode execution.(CVE-2017-6451)\n\nAuthenticated DoS via Malicious Config Option :\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. 
A remote, authenticated attacker could cause\nntpd to crash by sending a crafted message.(CVE-2017-6463)\n\nBuffer Overflow in DPTS Clock :\n\nA vulnerability was found in NTP, in the parsing of packets from the\n/dev/datum device. A malicious device could send crafted messages,\ncausing ntpd to crash.(CVE-2017-6462)", "edition": 28, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-21T00:00:00", "title": "Amazon Linux AMI : ntp (ALAS-2017-816)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntpdate", "p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-816.NASL", "href": "https://www.tenable.com/plugins/nessus/99529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-816.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99529);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_xref(name:\"ALAS\", value:\"2017-816\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2017-816)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Denial of Service via Malformed Config :\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. 
A remote, authenticated attacker could cause\nntpd to crash by sending a crafted message.(CVE-2017-6464)\n\nPotential Overflows in ctl_put() functions :\n\nA vulnerability was found in NTP, in the building of response packets\nwith custom fields. If custom fields were configured in ntp.conf with\nparticularly long names, inclusion of these fields in the response\npacket could cause a buffer overflow, leading to a crash.\n(CVE-2017-6458)\n\nImproper use of snprintf() in mx4200_send() :\n\nA vulnerability was found in NTP, in the legacy MX4200 refclock\nimplementation. If this refclock was compiled in and used, an attacker\nmay be able to induce stack overflow, leading to a crash or potential\ncode execution.(CVE-2017-6451)\n\nAuthenticated DoS via Malicious Config Option :\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. A remote, authenticated attacker could cause\nntpd to crash by sending a crafted message.(CVE-2017-6463)\n\nBuffer Overflow in DPTS Clock :\n\nA vulnerability was found in NTP, in the parsing of packets from the\n/dev/datum device. 
A malicious device could send crafted messages,\ncausing ntpd to crash.(CVE-2017-6462)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-816.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", 
string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-44.34.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-44.34.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-44.34.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-44.34.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-44.34.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:19", "description": "Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463\nCVE-2017-6458 CVE-2017-6451.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-30T00:00:00", "title": "Fedora 25 : ntp (2017-5ebac1c112)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-03-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:ntp"], 
"id": "FEDORA_2017-5EBAC1C112.NASL", "href": "https://www.tenable.com/plugins/nessus/99053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5ebac1c112.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99053);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6451\", \"CVE-2017-6458\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_xref(name:\"FEDORA\", value:\"2017-5ebac1c112\");\n\n script_name(english:\"Fedora 25 : ntp (2017-5ebac1c112)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463\nCVE-2017-6458 CVE-2017-6451.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5ebac1c112\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"ntp-4.2.6p5-44.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:00:38", "description": "The version of the remote NTP server is 4.x prior to 4.2.8p10. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the\n receive() function within file ntpd/ntp_proto.c due to\n the expected origin timestamp being cleared when a\n packet with a zero origin timestamp is received. An\n unauthenticated, remote attacker can exploit this issue,\n via specially crafted network packets, to reset the\n expected origin timestamp for a target peer, resulting\n in legitimate replies being dropped. (CVE-2016-9042)\n\n - An out-of-bounds write error exists in the mx4200_send()\n function within file ntpd/refclock_mx4200.c due to\n improper handling of the return value of the snprintf()\n and vsnprintf() functions. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition or possibly the execution of arbitrary code.\n However, neither the researcher nor vendor could find\n any exploitable code path. 
(CVE-2017-6451)\n\n - A stack-based buffer overflow condition exists in the\n addSourceToRegistry() function within file\n ports/winnt/instsrv/instsrv.c due to improper validation\n of certain input when adding registry keys. A local\n attacker can exploit this to execute arbitrary code.\n (CVE-2017-6452)\n\n - A flaw exists due to dynamic link library (DLL) files\n being preloaded when they are defined in the inherited\n environment variable 'PPSAPI_DLLS'. A local attacker can\n exploit this, via specially crafted DLL files, to\n execute arbitrary code with elevated privileges.\n (CVE-2017-6455)\n\n - Multiple stack-based buffer overflow conditions exist in\n various wrappers around the ctl_putdata() function\n within file ntpd/ntp_control.c due to improper\n validation of certain input from the ntp.conf file.\n An unauthenticated, remote attacker can exploit these,\n by convincing a user into deploying a specially\n crafted ntp.conf file, to cause a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2017-6458)\n\n - A flaw exists in the addKeysToRegistry() function within\n file ports/winnt/instsrv/instsrv.c when running the\n Windows installer due to improper termination of strings\n used for adding registry keys, which may cause malformed\n registry entries to be created. A local attacker can\n exploit this issue to possibly disclose sensitive memory\n contents. (CVE-2017-6459)\n\n - A stack-based buffer overflow condition exists in the\n reslist() function within file ntpq/ntpq-subs.c when\n handling server responses due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this, by convincing a user to connect to a\n malicious NTP server and by using a specially crafted\n server response, to cause a denial of service condition\n or the execution of arbitrary code. 
(CVE-2017-6460)\n\n - A stack-based buffer overflow condition exists in the\n datum_pts_receive() function within file\n ntpd/refclock_datum.c when handling packets\n from the '/dev/datum' device due to improper validation\n of certain input. A local attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-6462)\n\n - A denial of service vulnerability exists within file\n ntpd/ntp_config.c when handling 'unpeer' configuration\n options. An authenticated, remote attacker can exploit\n this issue, via an 'unpeer' option value of '0', to\n crash the ntpd daemon. (CVE-2017-6463)\n\n - A denial of service vulnerability exists when handling\n configuration directives. An authenticated, remote\n attacker can exploit this, via a malformed 'mode'\n configuration directive, to crash the ntpd daemon.\n (CVE-2017-6464)\n\n - A flaw exists in the ntpq_stripquotes() function within\n file ntpq/libntpq.c due to the function returning an\n incorrect value. An unauthenticated, remote attacker can\n possibly exploit this to have an unspecified impact.\n\n - An off-by-one overflow condition exists in the\n oncore_receive() function in file ntpd/refclock_oncore.c\n that possibly allows an unauthenticated, remote attacker\n to have an unspecified impact.\n\n - A flaw exists due to certain code locations not invoking\n the appropriate ereallocarray() and eallocarray()\n functions. An unauthenticated, remote attacker can\n possibly exploit this to have an unspecified impact.\n\n - A flaw exists due to the static inclusion of unused code\n from the libisc, libevent, and libopts libraries. 
An\n unauthenticated, remote attacker can possibly exploit\n this to have an unspecified impact.\n\n - A security weakness exists in the Makefile due to a\n failure to provide compile or link flags to offer\n hardened security options by default.", "edition": 37, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-27T00:00:00", "title": "Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p10 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6459", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6452", "CVE-2017-6464"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ntp:ntp"], "id": "NTP_4_2_8P10.NASL", "href": "https://www.tenable.com/plugins/nessus/97988", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97988);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n script_cve_id(\n \"CVE-2016-9042\",\n \"CVE-2017-6451\",\n \"CVE-2017-6452\",\n \"CVE-2017-6455\",\n \"CVE-2017-6458\",\n \"CVE-2017-6459\",\n \"CVE-2017-6460\",\n \"CVE-2017-6462\",\n \"CVE-2017-6463\",\n \"CVE-2017-6464\"\n );\n script_bugtraq_id(\n 97045,\n 97046,\n 97049,\n 97050,\n 97051,\n 97052,\n 97058\n );\n script_xref(name:\"CERT\", value:\"325339\");\n\n script_name(english:\"Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p10 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for a vulnerable NTP server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NTP server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the remote NTP server is 4.x prior to 4.2.8p10. 
It is,\ntherefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the\n receive() function within file ntpd/ntp_proto.c due to\n the expected origin timestamp being cleared when a\n packet with a zero origin timestamp is received. An\n unauthenticated, remote attacker can exploit this issue,\n via specially crafted network packets, to reset the\n expected origin timestamp for a target peer, resulting\n in legitimate replies being dropped. (CVE-2016-9042)\n\n - An out-of-bounds write error exists in the mx4200_send()\n function within file ntpd/refclock_mx4200.c due to\n improper handling of the return value of the snprintf()\n and vsnprintf() functions. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition or possibly the execution of arbitrary code.\n However, neither the researcher nor vendor could find\n any exploitable code path. (CVE-2017-6451)\n\n - A stack-based buffer overflow condition exists in the\n addSourceToRegistry() function within file\n ports/winnt/instsrv/instsrv.c due to improper validation\n of certain input when adding registry keys. A local\n attacker can exploit this to execute arbitrary code.\n (CVE-2017-6452)\n\n - A flaw exists due to dynamic link library (DLL) files\n being preloaded when they are defined in the inherited\n environment variable 'PPSAPI_DLLS'. 
A local attacker can\n exploit this, via specially crafted DLL files, to\n execute arbitrary code with elevated privileges.\n (CVE-2017-6455)\n\n - Multiple stack-based buffer overflow conditions exist in\n various wrappers around the ctl_putdata() function\n within file ntpd/ntp_control.c due to improper\n validation of certain input from the ntp.conf file.\n An unauthenticated, remote attacker can exploit these,\n by convincing a user into deploying a specially\n crafted ntp.conf file, to cause a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2017-6458)\n\n - A flaw exists in the addKeysToRegistry() function within\n file ports/winnt/instsrv/instsrv.c when running the\n Windows installer due to improper termination of strings\n used for adding registry keys, which may cause malformed\n registry entries to be created. A local attacker can\n exploit this issue to possibly disclose sensitive memory\n contents. (CVE-2017-6459)\n\n - A stack-based buffer overflow condition exists in the\n reslist() function within file ntpq/ntpq-subs.c when\n handling server responses due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this, by convincing a user to connect to a\n malicious NTP server and by using a specially crafted\n server response, to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2017-6460)\n\n - A stack-based buffer overflow condition exists in the\n datum_pts_receive() function within file\n ntpd/refclock_datum.c when handling packets\n from the '/dev/datum' device due to improper validation\n of certain input. A local attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-6462)\n\n - A denial of service vulnerability exists within file\n ntpd/ntp_config.c when handling 'unpeer' configuration\n options. 
An authenticated, remote attacker can exploit\n this issue, via an 'unpeer' option value of '0', to\n crash the ntpd daemon. (CVE-2017-6463)\n\n - A denial of service vulnerability exists when handling\n configuration directives. An authenticated, remote\n attacker can exploit this, via a malformed 'mode'\n configuration directive, to crash the ntpd daemon.\n (CVE-2017-6464)\n\n - A flaw exists in the ntpq_stripquotes() function within\n file ntpq/libntpq.c due to the function returning an\n incorrect value. An unauthenticated, remote attacker can\n possibly exploit this to have an unspecified impact.\n\n - An off-by-one overflow condition exists in the\n oncore_receive() function in file ntpd/refclock_oncore.c\n that possibly allows an unauthenticated, remote attacker\n to have an unspecified impact.\n\n - A flaw exists due to certain code locations not invoking\n the appropriate ereallocarray() and eallocarray()\n functions. An unauthenticated, remote attacker can\n possibly exploit this to have an unspecified impact.\n\n - A flaw exists due to the static inclusion of unused code\n from the libisc, libevent, and libopts libraries. 
An\n unauthenticated, remote attacker can possibly exploit\n this to have an unspecified impact.\n\n - A security weakness exists in the Makefile due to a\n failure to provide compile or link flags to offer\n hardened security options by default.\");\n # http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68156231\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3361\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3376\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3377\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3378\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3379\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3380\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3381\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3382\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3383\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3384\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3385\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3386\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3387\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3388\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://support.ntp.org/bin/view/Main/NtpBug3389\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to NTP version 4.2.8p10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6458\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ntp:ntp\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ntp_open.nasl\");\n script_require_keys(\"NTP/Running\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Make sure NTP server is running\nget_kb_item_or_exit('NTP/Running');\n\napp_name = \"NTP Server\";\n\nport = get_kb_item(\"Services/udp/ntp\");\nif (empty_or_null(port)) port = 123;\n\nversion = get_kb_item_or_exit(\"Services/ntp/version\");\nif (version == 'unknown') audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\nmatch = eregmatch(string:version, pattern:\"([0-9a-z.]+)\");\nif (isnull(match) || empty_or_null(match[1])) audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\n# Paranoia check\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = match[1];\nverfields = split(ver, sep:\".\", keep:FALSE);\nmajor = int(verfields[0]);\nminor = int(verfields[1]);\nif ('p' >< verfields[2])\n{\n revpatch = split(verfields[2], sep:\"p\", keep:FALSE);\n rev = int(revpatch[0]);\n patch = int(revpatch[1]);\n}\nelse\n{\n rev = verfields[2];\n patch = 0;\n}\n\n# This vulnerability affects NTP 4.x < 4.2.8p10\n# Check for vuln, else audit out.\nif (\n (major == 4 && minor < 2) ||\n (major == 4 && minor == 2 && rev < 8) ||\n (major == 4 && minor == 2 && rev == 8 && patch < 10)\n)\n{\n fix = \"4.2.8p10\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nreport =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\nsecurity_report_v4(\n port : port,\n proto : \"udp\",\n extra : report,\n severity : SECURITY_WARNING\n);\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:11:00", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, 14.2, and -current to fix security issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-24T00:00:00", "title": 
"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2017-112-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6459", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6452", "CVE-2017-6464"], "modified": "2017-04-24T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:ntp", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2017-112-02.NASL", "href": "https://www.tenable.com/plugins/nessus/99597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-112-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99597);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6451\", \"CVE-2017-6452\", \"CVE-2017-6455\", \"CVE-2017-6458\", \"CVE-2017-6459\", \"CVE-2017-6460\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_xref(name:\"SSA\", value:\"2017-112-02\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2017-112-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, 
14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a77564e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", 
arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p10\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:49:12", "description": "A vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. [CVE-2017-6464]\n\nA vulnerability was found in NTP, in the parsing of packets from the\nDPTS Clock. [CVE-2017-6462]\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. [CVE-2017-6463]\n\nA vulnerability was found in NTP, affecting the origin timestamp check\nfunction. [CVE-2016-9042] Impact : A remote, authenticated attacker\ncould cause ntpd to crash by sending a crafted message.\n[CVE-2017-6463, CVE-2017-6464]\n\nA malicious device could send crafted messages, causing ntpd to crash.\n[CVE-2017-6462]\n\nAn attacker able to spoof messages from all of the configured peers\ncould send crafted packets to ntpd, causing later replies from those\npeers to be discarded, resulting in denial of service. 
[CVE-2016-9042]", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-30T00:00:00", "title": "FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (3c0237f5-420e-11e7-82c5-14dae9d210b8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "modified": "2017-05-30T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "id": "FREEBSD_PKG_3C0237F5420E11E782C514DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/100496", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100496);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_xref(name:\"FreeBSD\", value:\"SA-17:03.ntp\");\n\n script_name(english:\"FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (3c0237f5-420e-11e7-82c5-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. [CVE-2017-6464]\n\nA vulnerability was found in NTP, in the parsing of packets from the\nDPTS Clock. [CVE-2017-6462]\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. [CVE-2017-6463]\n\nA vulnerability was found in NTP, affecting the origin timestamp check\nfunction. 
[CVE-2016-9042] Impact : A remote, authenticated attacker\ncould cause ntpd to crash by sending a crafted message.\n[CVE-2017-6463, CVE-2017-6464]\n\nA malicious device could send crafted messages, causing ntpd to crash.\n[CVE-2017-6462]\n\nAn attacker able to spoof messages from all of the configured peers\ncould send crafted packets to ntpd, causing later replies from those\npeers to be discarded, resulting in denial of service. [CVE-2016-9042]\"\n );\n # https://vuxml.freebsd.org/freebsd/3c0237f5-420e-11e7-82c5-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbdad86b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=11.0<11.0_9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.3<10.3_18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-10-03T12:10:51", "description": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. 
Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-04T20:29:00", "title": "CVE-2016-9042", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9042"], "modified": "2019-10-31T19:15:00", "cpe": ["cpe:/o:freebsd:freebsd:11.0", "cpe:/o:freebsd:freebsd:10.0", "cpe:/a:ntp:ntp:4.2.8"], "id": "CVE-2016-9042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9042", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T17:59:00", "title": "CVE-2017-6460", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6460"], "modified": "2017-10-24T01:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.93", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", 
"cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.9", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.91", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.92", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.90", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2017-6460", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6460", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T17:59:00", "title": "CVE-2017-6458", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6458"], "modified": "2017-10-24T01:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.93", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", 
"cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.9", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.91", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.92", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.90", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2017-6458", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6458", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-27T17:59:00", "title": "CVE-2017-6464", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6464"], "modified": "2018-04-12T01:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.93", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", 
"cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.9", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.91", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.92", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.90", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2017-6464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6464", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T17:59:00", "title": "CVE-2017-6451", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6451"], "modified": "2017-10-24T01:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.93", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", 
"cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.9", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.91", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.92", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.90", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2017-6451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6451", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": 
"LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T17:59:00", "title": "CVE-2017-6462", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6462"], "modified": "2019-01-24T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.93", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", 
"cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.9", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.91", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.92", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.90", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2017-6462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6462", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-27T17:59:00", "title": "CVE-2017-6463", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6463"], "modified": "2019-01-24T11:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.93", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", 
"cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.9", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.91", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.92", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.90", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2017-6463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6463", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", 
"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:34:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-29T00:00:00", "id": "OPENVAS:1361412562310872533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872533", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2017-5ebac1c112", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2017-5ebac1c112\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872533\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-29 06:27:05 +0200 (Wed, 29 Mar 2017)\");\n script_cve_id(\"CVE-2017-6464\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6458\",\n \"CVE-2017-6451\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2017-5ebac1c112\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"affected\", value:\"ntp on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-5ebac1c112\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~44.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-19T00:00:00", "id": "OPENVAS:1361412562310872584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872584", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2017-72323a442f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2017-72323a442f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872584\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-19 06:37:25 +0200 (Wed, 19 Apr 2017)\");\n script_cve_id(\"CVE-2017-6464\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6458\", \"CVE-2017-6451\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2017-72323a442f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-72323a442f\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~44.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:37:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6459", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-6451", "CVE-2017-6458", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6452", "CVE-2017-6464"], "description": "The host is running NTP.org", "modified": "2020-03-04T00:00:00", "published": "2017-03-23T00:00:00", "id": "OPENVAS:1361412562310810678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810678", "type": "openvas", "title": "NTP.org 'ntpd' Multiple Denial-of-Service Vulnerabilities - Mar17", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# NTP Multiple Denial-of-Service Vulnerabilities -Mar17\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ntp:ntp\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810678\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2017-6464\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6455\",\n \"CVE-2017-6452\", \"CVE-2017-6459\", \"CVE-2017-6458\", \"CVE-2017-6451\",\n \"CVE-2017-6460\", \"CVE-2016-9042\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-23 11:35:22 +0530 (Thu, 23 Mar 2017)\");\n script_name(\"NTP.org 'ntpd' Multiple Denial-of-Service Vulnerabilities - Mar17\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ntp_detect_lin.nasl\");\n script_mandatory_keys(\"ntpd/version/detected\");\n\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3389\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3388\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3387\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3386\");\n script_xref(name:\"URL\", 
value:\"http://support.ntp.org/bin/view/Main/NtpBug3385\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3384\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3383\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3382\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3381\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3380\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3379\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3378\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3377\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3376\");\n script_xref(name:\"URL\", value:\"http://support.ntp.org/bin/view/Main/NtpBug3361\");\n\n script_tag(name:\"summary\", value:\"The host is running NTP.org's reference implementation\n of NTP server, ntpd and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n\n - Improper handling of a malformed mode configuration directive.\n\n - A buffer overflow error in Legacy Datum Programmable Time Server refclock\n driver.\n\n - Improper handling of an invalid setting via the :config directive.\n\n - Incorrect pointer usage in the function 'ntpq_stripquotes'.\n\n - No allocation of memory for a specific amount of items of the same size in\n 'oreallocarray' function.\n\n - ntpd configured to use the PPSAPI under Windows.\n\n - Limited passed application path size under Windows.\n\n - An error leading to garbage registry creation in Windows.\n\n - Copious amounts of Unused Code.\n\n - Off-by-one error in Oncore GPS Receiver.\n\n - Potential Overflows in 
'ctl_put' functions.\n\n - Improper use of 'snprintf' function in mx4200_send function.\n\n - Buffer Overflow in ntpq when fetching reslist from a malicious ntpd.\n\n - Potential Overflows in 'ctl_put' functions.\n\n - Potential denial of service in origin timestamp check functionality of ntpd.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"NTP.org's ntpd versions 4.x before 4.2.8p10 and 4.3.x\n before 4.3.94.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to NTP.org's ntpd version 4.2.8p10 or 4.3.94\n or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_full(cpe:CPE, port:port))\n exit(0);\n\nif(!version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif(version =~ \"^4\\.[0-2]\") {\n if(revcomp(a:version, b:\"4.2.8p10\") < 0) {\n report = report_fixed_ver(installed_version:version, fixed_version:\"4.2.8p10\", install_path:location);\n security_message(port:port, proto:proto, data:report);\n exit(0);\n }\n}\n\nelse if(version =~ \"^4\\.3\") {\n if(revcomp(a:version, b:\"4.3.94\") < 0) {\n report = report_fixed_ver(installed_version:version, fixed_version:\"4.3.94\", install_path:location);\n security_message(port:port, proto:proto, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": 
"2017-10-27T00:00:00", "id": "OPENVAS:1361412562310812055", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812055", "type": "openvas", "title": "RedHat Update for ntp RHSA-2017:3071-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_3071-01_ntp.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for ntp RHSA-2017:3071-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812055\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 14:30:25 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ntp RHSA-2017:3071-01\");\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used\n to synchronize a computer's time with another referenced time source. These\n packages include the ntpd service which continuously adjusts system time and\n utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n * Two vulnerabilities were discovered in the NTP server's parsing of\nconfiguration directives. A remote, authenticated attacker could cause ntpd\nto crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)\n\n * A vulnerability was found in NTP, in the parsing of packets from the\n/dev/datum device. A malicious device could send crafted messages, causing\nntpd to crash. (CVE-2017-6462)\n\nRed Hat would like to thank the NTP project for reporting these issues.\nUpstream acknowledges Cure53 as the original reporter of these issues.\");\n script_tag(name:\"affected\", value:\"ntp on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3071-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00037.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~12.el6_9.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~12.el6_9.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~12.el6_9.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "Check the version of ntp", "modified": "2019-03-08T00:00:00", "published": "2017-10-27T00:00:00", "id": "OPENVAS:1361412562310882794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882794", "type": "openvas", "title": "CentOS Update for ntp CESA-2017:3071 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_3071_ntp_centos6.nasl 14058 
2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for ntp CESA-2017:3071 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882794\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 14:31:55 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2017:3071 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of ntp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with another referenced time source. 
These packages\ninclude the ntpd service which continuously adjusts system time and utilities\nused to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n * Two vulnerabilities were discovered in the NTP server's parsing of\nconfiguration directives. A remote, authenticated attacker could cause ntpd\nto crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)\n\n * A vulnerability was found in NTP, in the parsing of packets from the\n/dev/datum device. A malicious device could send crafted messages, causing\nntpd to crash. (CVE-2017-6462)\n\nRed Hat would like to thank the NTP project for reporting these issues.\nUpstream acknowledges Cure53 as the original reporter of these issues.\");\n script_tag(name:\"affected\", value:\"ntp on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:3071\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022608.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~12.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~12.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~12.el6.centos.1\", rls:\"CentOS6\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~12.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6460", "CVE-2016-9042"], "description": "The Network Time Protocol (NTP) library has been found to contains two\nvulnerabilities CVE-2016-9042 and CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library\nand may be affected. This issue only affects the management plane of the firewall.", "modified": "2018-10-26T00:00:00", "published": "2017-07-28T00:00:00", "id": "OPENVAS:1361412562310106996", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106996", "type": "openvas", "title": "Palo Alto PAN-OS NTP Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_panos_pan_sa-2017_0022.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Palo Alto PAN-OS NTP Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:paloaltonetworks:pan-os';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106996\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-28 10:39:33 +0700 (Fri, 28 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2016-9042\", \"CVE-2017-6460\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Palo Alto PAN-OS NTP Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Palo Alto PAN-OS Local Security Checks\");\n script_dependencies(\"gb_palo_alto_panOS_version.nasl\");\n script_mandatory_keys(\"palo_alto_pan_os/version\");\n\n script_tag(name:\"summary\", value:\"The Network Time Protocol (NTP) library has been found to contains two\nvulnerabilities CVE-2016-9042 and CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library\nand may be affected. 
This issue only affects the management plane of the firewall.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"PAN-OS 6.1, PAN-OS 7.0, PAN-OS 7.1, PAN-OS 8.0.3 and earlier.\");\n\n script_tag(name:\"solution\", value:\"Update to PAN-OS 7.0.18 or later, PAN-OS 7.1.12 or later, PAN-OS 8.0.4 or\nlater.\");\n\n script_xref(name:\"URL\", value:\"https://securityadvisories.paloaltonetworks.com/Home/Detail/92\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nmodel = get_kb_item(\"palo_alto_pan_os/model\");\n\nif (version_is_less(version: version, test_version: \"7.0.18\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.0.18\");\n if (model)\n report += '\\nModel: ' + model;\n\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"7.1\", test_version2: \"7.1.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.1.12\");\n if (model)\n report += '\\nModel: ' + model;\n\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.3\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.4\");\n if (model)\n report += '\\nModel: ' + model;\n\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2017-6460", "CVE-2016-7433", "CVE-2017-6458", "CVE-2016-7427", "CVE-2016-9042", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-2519", "CVE-2016-7428", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426", "CVE-2016-7431"], "description": "The 
remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310843238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843238", "type": "openvas", "title": "Ubuntu Update for ntp USN-3349-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3349_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for ntp USN-3349-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843238\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:54:52 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2016-2519\", \"CVE-2016-7426\", \"CVE-2016-7427\", \"CVE-2016-7428\",\n \"CVE-2016-7429\", \"CVE-2016-7431\", \"CVE-2016-7433\", \"CVE-2016-7434\", \"CVE-2016-9042\",\n \"CVE-2016-9310\", \"CVE-2016-9311\", \"CVE-2017-6458\", \"CVE-2017-6460\", \"CVE-2017-6462\",\n \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for ntp USN-3349-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Yihan Lian discovered that NTP incorrectly\n handled certain large request data values. A remote attacker could possibly use\n this issue to cause NTP to crash, resulting in a denial of service. This issue\n only affected Ubuntu 16.04 LTS. 
(CVE-2016-2519) Miroslav Lichvar discovered that\n NTP incorrectly handled certain spoofed addresses when performing rate limiting.\n A remote attacker could possibly use this issue to perform a denial of service.\n This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10.\n (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled\n certain crafted broadcast mode packets. A remote attacker could possibly use\n this issue to perform a denial of service. This issue only affected Ubuntu 14.04\n LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428) Miroslav\n Lichvar discovered that NTP incorrectly handled certain responses. A remote\n attacker could possibly use this issue to perform a denial of service. This\n issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10.\n (CVE-2016-7429) Sharon Goldberg and Aanchal Malhotra discovered that NTP\n incorrectly handled origin timestamps of zero. A remote attacker could possibly\n use this issue to bypass the origin timestamp protection mechanism. This issue\n only affected Ubuntu 16.10. (CVE-2016-7431) Brian Utterback, Sharon Goldberg and\n Aanchal Malhotra discovered that NTP incorrectly performed initial sync\n calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10.\n (CVE-2016-7433) Magnus Stubman discovered that NTP incorrectly handled certain\n mrulist queries. A remote attacker could possibly use this issue to cause NTP to\n crash, resulting in a denial of service. This issue only affected Ubuntu 16.04\n LTS and Ubuntu 16.10. (CVE-2016-7434) Matthew Van Gund discovered that NTP\n incorrectly handled origin timestamp checks. A remote attacker could possibly\n use this issue to perform a denial of service. This issue only affected Ubuntu\n Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042) Matthew Van Gundy discovered\n that NTP incorrectly handled certain control mode packets. 
A remote attacker\n could use this issue to set or unset traps. This issue only applied to Ubuntu\n 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310) Matthew Van Gundy\n discovered that NTP incorrectly handled the trap service. A remote attacker\n could possibly use this issue to cause NTP to crash, resulting in a denial of\n service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and\n Ubuntu 16.10. (CVE-2016-9311) It was di ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"ntp on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3349-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3349-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-3ubuntu2.14.04.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p9+dfsg-2ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p8+dfsg-1ubuntu2.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p4+dfsg-3ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1548", "CVE-2016-4956", "CVE-2016-4955", "CVE-2016-2516", "CVE-2016-4954", "CVE-2015-8139", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171124", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1124)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1124\");\n script_version(\"2020-01-23T10:52:03+0000\");\n script_cve_id(\"CVE-2015-8139\", \"CVE-2016-2516\", \"CVE-2016-4954\", \"CVE-2016-4955\", \"CVE-2016-4956\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:52:03 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:52:03 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1124)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1124\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1124\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2017-1124 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.CVE-2015-8139\n\nNTP before 
4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.CVE-2016-2516\n\nThe process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.CVE-2016-4954\n\nntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.CVE-2016-4955\n\nntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.CVE-2016-4956\n\nBuffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.CVE-2017-6462\n\nNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.CVE-2017-6463\n\nNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.CVE-2017-6464\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~25.0.1.h13\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~25.0.1.h13\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1548", "CVE-2016-4956", "CVE-2016-4955", "CVE-2016-2516", "CVE-2016-4954", "CVE-2015-8139", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171125", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1125)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1125\");\n script_version(\"2020-01-23T10:52:12+0000\");\n script_cve_id(\"CVE-2015-8139\", \"CVE-2016-2516\", \"CVE-2016-4954\", \"CVE-2016-4955\", \"CVE-2016-4956\", \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:52:12 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:52:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1125)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1125\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1125\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ntp' package(s) announced via the EulerOS-SA-2017-1125 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.(CVE-2015-8139)\n\nNTP before 
4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.(CVE-2016-2516)\n\nThe process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.(CVE-2016-4954)\n\nntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.(CVE-2016-4955)\n\nntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.(CVE-2016-4956)\n\nBuffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.(CVE-2017-6462)\n\nNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.(CVE-2017-6463)\n\nNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.(CVE-2017-6464)\");\n\n script_tag(name:\"affected\", value:\"'ntp' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~25.0.1.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~25.0.1.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-17T14:22:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6459", "CVE-2017-7077", "CVE-2017-9233", "CVE-2017-10989", "CVE-2017-7143", "CVE-2016-9840", "CVE-2017-7084", "CVE-2017-7138", "CVE-2016-9063", "CVE-2017-7126", "CVE-2017-11103", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-7130", "CVE-2017-7128", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-6451", "CVE-2017-1000373", "CVE-2017-7083", "CVE-2017-7121", "CVE-2017-7074", "CVE-2017-7078", "CVE-2017-7129", "CVE-2017-0381", "CVE-2017-7080", "CVE-2017-6458", "CVE-2017-7141", "CVE-2017-7119", "CVE-2016-9042", "CVE-2017-7125", "CVE-2017-6462", "CVE-2017-6463", "CVE-2016-9843", "CVE-2017-6452", "CVE-2017-7086", "CVE-2017-7082", "CVE-2016-9841", "CVE-2017-7127", "CVE-2017-6464", "CVE-2017-7124", "CVE-2017-7123", "CVE-2017-7122"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-09-26T00:00:00", "id": "OPENVAS:1361412562310811790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811790", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-HT208144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple 
Vulnerabilities-HT208144\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811790\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-7084\", \"CVE-2017-7074\", \"CVE-2017-7143\", \"CVE-2017-7083\",\n \"CVE-2017-0381\", \"CVE-2017-7138\", \"CVE-2017-7121\", \"CVE-2017-7122\",\n \"CVE-2017-7123\", \"CVE-2017-7124\", \"CVE-2017-7125\", \"CVE-2017-7126\",\n \"CVE-2017-11103\", \"CVE-2017-7077\", \"CVE-2017-7119\", \"CVE-2017-7114\",\n \"CVE-2017-7086\", \"CVE-2017-1000373\", \"CVE-2016-9063\", \"CVE-2017-9233\",\n \"CVE-2017-7141\", \"CVE-2017-7078\", \"CVE-2017-6451\", \"CVE-2017-6452\",\n \"CVE-2017-6455\", \"CVE-2017-6458\", \"CVE-2017-6459\", \"CVE-2017-6460\",\n \"CVE-2017-6462\", \"CVE-2017-6463\", \"CVE-2017-6464\", \"CVE-2016-9042\",\n \"CVE-2017-7082\", \"CVE-2017-7080\", \"CVE-2017-10989\", \"CVE-2017-7128\",\n \"CVE-2017-7129\", \"CVE-2017-7130\", \"CVE-2017-7127\", \"CVE-2016-9840\",\n \"CVE-2016-9841\", \"CVE-2016-9842\", \"CVE-2016-9843\");\n script_bugtraq_id(999551, 97074, 99276, 95131, 97049, 99502, 97078, 97076, 99177,\n 97058, 94337, 
97045, 95248, 97046, 97052, 97050, 97051);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-26 12:22:46 +0530 (Tue, 26 Sep 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-HT208144\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple issues in zlib, SQLite, ntp, expat and files.\n\n - Multiple memory corruption issues.\n\n - A certificate validation issue existed in the handling of revocation data.\n\n - Window management, memory consumption and validation issues.\n\n - An encryption issue existed in the handling of mail drafts.\n\n - Turning off 'Load remote content in messages' did not apply to all mailboxes.\n\n - A resource exhaustion issue in 'glob' function.\n\n - A permissions issue existed in the handling of the Apple ID.\n\n - An out-of-bounds read error.\n\n - The security state of the captive portal browser was not obvious.\n\n - An upgrade issue existed in the handling of firewall settings.\n\n - Some unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to cause a denial of service, read unencrypted password over the network, gain\n access to potentially sensitive information, determine the Apple ID of the owner\n of the computer, impersonate a service, execute arbitrary code with system\n privileges, execute arbitrary code with kernel privileges, able to intercept\n mail contents, revoked certificate to be trusted and have other unknown impacts.\");\n\n script_tag(name:\"affected\", 
value:\"Apple Mac OS X version 10.8 through 10.12.x\n prior to 10.13\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.13 or later. Note: According to the vendor an upgrade to version 10.13 is required to\n mitigate this vulnerabilities. Please see the advisory (HT208144) for more info.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208144\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.(8|9|10|11|12)\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.(8|9|10|11|12)\"){\n if(version_in_range(version:osVer, test_version:\"10.8\", test_version2:\"10.12.9\")){\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"According to the vendor an upgrade to version 10.13 is required to mitigate this vulnerabilities. Please see the advisory (HT208144) for more info.\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "**Issue Overview:**\n\nDenial of Service via Malformed Config: \nA vulnerability was discovered in the NTP server's parsing of configuration directives. 
A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. ([CVE-2017-6464](<https://access.redhat.com/security/cve/CVE-2017-6464>))\n\nPotential Overflows in ctl_put() functions: \nA vulnerability was found in NTP, in the building of response packets with custom fields. If custom fields were configured in ntp.conf with particularly long names, inclusion of these fields in the response packet could cause a buffer overflow, leading to a crash. ([CVE-2017-6458](<https://access.redhat.com/security/cve/CVE-2017-6458>))\n\nImproper use of snprintf() in mx4200_send(): \nA vulnerability was found in NTP, in the legacy MX4200 refclock implementation. If this refclock was compiled in and used, an attacker may be able to induce stack overflow, leading to a crash or potential code execution. ([CVE-2017-6451](<https://access.redhat.com/security/cve/CVE-2017-6451>))\n\nAuthenticated DoS via Malicious Config Option: \nA vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. ([CVE-2017-6463](<https://access.redhat.com/security/cve/CVE-2017-6463>))\n\nBuffer Overflow in DPTS Clock: \nA vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. ([CVE-2017-6462](<https://access.redhat.com/security/cve/CVE-2017-6462>))\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntp-4.2.6p5-44.34.amzn1.i686 \n ntpdate-4.2.6p5-44.34.amzn1.i686 \n ntp-debuginfo-4.2.6p5-44.34.amzn1.i686 \n \n noarch: \n ntp-doc-4.2.6p5-44.34.amzn1.noarch \n ntp-perl-4.2.6p5-44.34.amzn1.noarch \n \n src: \n ntp-4.2.6p5-44.34.amzn1.src \n \n x86_64: \n ntpdate-4.2.6p5-44.34.amzn1.x86_64 \n ntp-4.2.6p5-44.34.amzn1.x86_64 \n ntp-debuginfo-4.2.6p5-44.34.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2017-04-20T05:54:00", "published": "2017-04-20T05:54:00", "id": "ALAS-2017-816", "href": "https://alas.aws.amazon.com/ALAS-2017-816.html", "title": "Medium: ntp", "type": "amazon", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7184", "CVE-2016-9311", "CVE-2015-7704", "CVE-2016-7433", "CVE-2018-7185", "CVE-2018-7183", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-9310", "CVE-2018-7170", "CVE-2016-1549", "CVE-2017-6464", "CVE-2018-7182", "CVE-2016-7426"], "description": "**Issue Overview:**\n\nEphemeral association time spoofing additional protection \nntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for [CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>). ([CVE-2018-7170](<https://access.redhat.com/security/cve/CVE-2018-7170>))\n\nInterleaved symmetric mode cannot recover from bad state \nntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. 
This issue is a result of an incomplete fix for [CVE-2015-7704](<https://access.redhat.com/security/cve/CVE-2015-7704>). ([CVE-2018-7184](<https://access.redhat.com/security/cve/CVE-2018-7184>))\n\nEphemeral association time spoofing \nA malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. ([CVE-2016-1549](<https://access.redhat.com/security/cve/CVE-2016-1549>))\n\nBuffer read overrun leads information leak in ctl_getitem() \nThe ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. ([CVE-2018-7182](<https://access.redhat.com/security/cve/CVE-2018-7182>))\n\nUnauthenticated packet can reset authenticated interleaved association \nThe protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. ([CVE-2018-7185](<https://access.redhat.com/security/cve/CVE-2018-7185>))\n\ndecodearr() can write beyond its buffer limit \nBuffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. ([CVE-2018-7183](<https://access.redhat.com/security/cve/CVE-2018-7183>))\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n ntp-perl-4.2.6p5-28.amzn2.2.1.noarch \n ntp-doc-4.2.6p5-28.amzn2.2.1.noarch \n \n src: \n ntp-4.2.6p5-28.amzn2.2.1.src \n \n x86_64: \n ntp-4.2.6p5-28.amzn2.2.1.x86_64 \n ntpdate-4.2.6p5-28.amzn2.2.1.x86_64 \n sntp-4.2.6p5-28.amzn2.2.1.x86_64 \n ntp-debuginfo-4.2.6p5-28.amzn2.2.1.x86_64 \n \n \n", "edition": 1, "modified": "2018-05-10T17:11:00", "published": "2018-05-10T17:11:00", "id": "ALAS2-2018-1009", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1009.html", "title": "Medium: ntp", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9042", "CVE-2017-6451", "CVE-2017-6452", "CVE-2017-6455", "CVE-2017-6458", "CVE-2017-6459", "CVE-2017-6460", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz: Upgraded.\n In addition to bug fixes and enhancements, this release fixes security\n issues of medium and low severity:\n Denial of Service via Malformed Config (Medium)\n Authenticated DoS via Malicious Config Option (Medium)\n Potential Overflows in ctl_put() functions (Medium)\n Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)\n 0rigin DoS (Medium)\n Buffer Overflow in DPTS Clock (Low)\n Improper use of snprintf() in mx4200_send() (Low)\n The following issues do not apply to Linux systems:\n Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)\n Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)\n Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464\n 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p10-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p10-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p10-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p10-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 
14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p10-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p10-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p10-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p10-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart\n\nNOTE: On Slackware -current, first install the new etc package, and then\nbe sure to move the .new config files and rc.ntpd script into place before\nrestarting!", "modified": "2017-04-22T16:42:41", "published": "2017-04-22T16:42:41", "id": "SSA-2017-112-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848", "type": "slackware", "title": "[slackware-security] ntp", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "\nProblem Description:\nA vulnerability was discovered in the NTP server's parsing\n\tof configuration directives. [CVE-2017-6464]\nA vulnerability was found in NTP, in the parsing of\n\tpackets from the DPTS Clock. [CVE-2017-6462]\nA vulnerability was discovered in the NTP server's parsing\n\tof configuration directives. [CVE-2017-6463]\nA vulnerability was found in NTP, affecting the origin\n\ttimestamp check function. [CVE-2016-9042]\nImpact:\nA remote, authenticated attacker could cause ntpd to\n\tcrash by sending a crafted message. [CVE-2017-6463,\n\tCVE-2017-6464]\nA malicious device could send crafted messages, causing\n\tntpd to crash. 
[CVE-2017-6462]\nAn attacker able to spoof messages from all of the\n\tconfigured peers could send crafted packets to ntpd, causing\n\tlater replies from those peers to be discarded, resulting\n\tin denial of service. [CVE-2016-9042]\n", "edition": 4, "modified": "2017-04-12T00:00:00", "published": "2017-04-12T00:00:00", "id": "3C0237F5-420E-11E7-82C5-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/3c0237f5-420e-11e7-82c5-14dae9d210b8.html", "title": "FreeBSD -- Multiple vulnerabilities of ntp", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:48", "bulletinFamily": "software", "cvelist": ["CVE-2016-9042"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link 
Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.2.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.1.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2018-07-09T19:51:00", "published": "2017-05-11T23:10:00", "id": "F5:K39041624", "href": "https://support.f5.com/csp/article/K39041624", "title": "NTP vulnerability CVE-2016-9042", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:40:40", "bulletinFamily": "software", "cvelist": ["CVE-2017-6460"], "description": "\nF5 Product 
Development has assigned ID 656912 (BIG-IP), ID 657597 (BIG-IQ), ID 657596 (Enterprise Manager), ID 507785 (ARX) and ID 659968 (iWF) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H31310492 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.2.1 - 11.6.3 | Not vulnerable | None \nBIG-IP AAM | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.4.0 - 11.6.3 | Not vulnerable | None \nBIG-IP AFM | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.4.0 - 11.6.3 | Not vulnerable | None \nBIG-IP Analytics | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.2.1 - 11.6.3 | Not vulnerable | None \nBIG-IP APM | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.2.1 - 11.6.3 | Not vulnerable | None \nBIG-IP ASM | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.2.1 - 11.6.3 | Not vulnerable | None \nBIG-IP DNS | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.2.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.2.1 - 11.6.3 | Not vulnerable | None \nBIG-IP PEM | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.4.0 - 11.6.3 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not 
vulnerable | None \nBIG-IP WebSafe | None | 14.0.0 - 14.1.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.4.0 - 11.6.3 | Not vulnerable | None \nARX | 6.2.0 - 6.4.0 | None | Low | NTP package \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 6.0.0 - 6.1.0 \n5.0.0 - 5.4.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | NTP package \nF5 iWorkflow | 2.0.0 - 2.1.0 | None | Low | NTP package \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | NTP package\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nBefore querying for the reslist of a network time protocol (NTP) instance, ensure that the **ntpd** instance is owned by you or by a trusted source.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "edition": 1, "modified": "2018-12-21T00:02:00", "published": "2017-05-09T00:04:00", "id": "F5:K31310492", "href": "https://support.f5.com/csp/article/K31310492", "title": "NTP vulnerability CVE-2017-6460", "type": "f5", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:39:29", "bulletinFamily": "software", "cvelist": ["CVE-2017-6458"], "description": "\nF5 Product Development has assigned ID 656912 (BIG-IP), ID 657597 (BIG-IQ), ID 657596 (Enterprise Manager), and ID 456789 (F5 iWorkflow) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H99254031 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP Edge Gateway | 11.2.1 | None | Low | NTP package \nBIG-IP GTM | 11.4.0 - 11.6.3 \n11.2.1 | None | Low | NTP package \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | NTP package \nBIG-IP WebAccelerator 
| 11.2.1 | None | Low | NTP package \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | NTP package \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ ADC | 4.5.0 | None | Low | NTP package \nBIG-IQ Centralized Management | 5.0.0 - 5.2.0 \n4.6.0 | None | Low | NTP package \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | NTP package \nF5 iWorkflow | 2.0.0 - 2.1.0 | None | Low | NTP package \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | NTP package\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nDo not set variable names longer than 200 to 512 bytes in your **ntp.conf** file.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-12-20T22:13:00", "published": "2017-05-08T23:21:00", "id": "F5:K99254031", "href": "https://support.f5.com/csp/article/K99254031", "title": "NTP vulnerability CVE-2017-6458", "type": "f5", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:39:32", "bulletinFamily": "software", "cvelist": ["CVE-2017-6464"], "description": "\nF5 Product Development has assigned ID 656912 (BIG-IP), ID 657596 (Enterprise Manager), ID 657597 (BIG-IQ), ID 659968 (iWorkflow), and CPF-23673, CPF-23674, CPF-23675 (Traffix) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H96670746 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP Edge Gateway | 11.2.1 | None | Low | ntpd \nBIG-IP GTM | 11.4.0 - 11.6.3 \n11.2.1 | None | Low | ntpd \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP PEM | 13.0.0 \n12.0.0 
- 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | ntpd \nBIG-IP WebAccelerator | 11.2.1 | None | Low | ntpd \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.0 \n12.1.3 - 12.1.4 | Low | ntpd \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable¹ | None \nEnterprise Manager | 3.1.1 | None | Low | ntpd \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | Low | ntpd \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | Low | ntpd \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | Low | ntpd \nBIG-IQ ADC | 4.5.0 | None | Low | ntpd \nBIG-IQ Centralized Management | 5.0.0 - 5.4.0 \n4.6.0 | None | Low | ntpd \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | ntpd \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Low | ntpd \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | ntpd \n \n¹ The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nIf you have customized and enabled the NTP mode configuration features, the system should use the access control list to restrict access to remote NTP instances. In addition, you should permit access to F5 products only over a secure network and limit login access to only trusted users. For more information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2018-12-20T23:36:00", "published": "2017-05-09T16:03:00", "id": "F5:K96670746", "href": "https://support.f5.com/csp/article/K96670746", "title": "NTP vulnerability CVE-2017-6464", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:34", "bulletinFamily": "software", "cvelist": ["CVE-2017-6451"], "description": "\nF5 Product Development has assigned ID 656912 (BIG-IP), ID 657597 (BIG-IQ), ID 657596 (Enterprise Manager), and ID 456789 (F5 iWorkflow) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H32262483 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP Edge Gateway | 11.2.1 | None | Low | NTP package \nBIG-IP GTM | 11.4.0 - 11.6.3 \n11.2.1 | None | Low | NTP package \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | NTP package \nBIG-IP WebAccelerator 
| 11.2.1 | None | Low | NTP package \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | NTP package \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ ADC | 4.5.0 | None | Low | NTP package \nBIG-IQ Centralized Management | 5.0.0 - 5.2.0 \n4.6.0 | None | Low | NTP package \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | NTP package \nF5 iWorkflow | 2.0.0 - 2.1.0 | None | Low | NTP package \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | NTP package\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability, avoid enabling the MX4200 refclock.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-12-20T22:08:00", "published": "2017-05-08T20:18:00", "id": "F5:K32262483", "href": "https://support.f5.com/csp/article/K32262483", "title": "NTP vulnerability CVE-2017-6451", "type": "f5", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:40:21", "bulletinFamily": "software", "cvelist": ["CVE-2017-6462"], "description": "\nF5 Product Development has assigned ID 656912 (BIG-IP), ID 657597 (BIG-IQ), ID 657596 (Enterprise Manager), ID 507785 (ARX), and ID 659968 (F5 iWorkflow) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H07082049 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP Edge Gateway | 11.2.1 | None | Low | NTP package \nBIG-IP GTM | 11.4.0 - 11.6.3 \n11.2.1 | None | Low | NTP package \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | NTP package \nBIG-IP WebAccelerator 
| 11.2.1 | None | Low | NTP package \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | NTP package \nARX | None | 6.2.0 - 6.4.0 | Not Vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | NTP package \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | Low | NTP package \nBIG-IQ ADC | 4.5.0 | None | Low | NTP package \nBIG-IQ Centralized Management | 5.0.0 - 5.4.0 \n4.6.0 | None | Low | NTP package \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | NTP package \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Low | NTP package \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | NTP package\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nDo not use the datum ref clock device. If the device is used, ensure that it is not being maliciously controlled by an untrusted source.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-12-20T22:37:00", "published": "2017-05-08T20:43:00", "id": "F5:K07082049", "href": "https://support.f5.com/csp/article/K07082049", "title": "NTP vulnerability CVE-2017-6462", "type": "f5", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:40:26", "bulletinFamily": "software", "cvelist": ["CVE-2017-6463"], "description": "\nF5 Product Development has assigned ID 656912 (BIG-IP), ID 657596 (Enterprise Manager), ID 657597 (BIG-IQ), ID 659968 (F5 iWorkflow), and CPF-23673, CPF-23674, and CPF-23675 (Traffix) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H02951273 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP Edge Gateway | 11.2.1 | None | Low | **ntpd** \nBIG-IP GTM | 11.4.0 - 11.6.3 \n11.2.1 | None | Low | **ntpd** \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 \n11.2.1 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | 
**ntpd** \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | **ntpd** \nBIG-IP WebAccelerator | 11.2.1 | None | Low | **ntpd** \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.3 | 14.0.0 - 14.1.0 \n13.0.1 - 13.1.1 \n12.1.3 - 12.1.4 | Low | **ntpd** \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable¹ | None \nEnterprise Manager | 3.1.1 | None | Low | **ntpd** \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | Low | **ntpd** \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | Low | **ntpd** \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | Low | **ntpd** \nBIG-IQ ADC | 4.5.0 | None | Low | **ntpd** \nBIG-IQ Centralized Management | 5.0.0 - 5.4.0 \n4.6.0 | None | Low | **ntpd** \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | **ntpd** \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Low | **ntpd** \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | **ntpd** \n \n¹ The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2018-12-20T23:40:00", "published": "2017-05-16T19:06:00", "id": "F5:K02951273", "href": "https://support.f5.com/csp/article/K02951273", "title": "NTP vulnerability CVE-2017-6463", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "aix": [{"lastseen": "2020-04-22T00:52:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6462", "CVE-2017-6464"], "description": "\nIBM SECURITY ADVISORY\n\nFirst Issued: Thu Jul 6 14:53:51 CDT 2017\n|Updated: Mon Nov 13 14:32:25 CST 2017 \n|Update 3: Clarified that AIX 7100-04-05, 7200-00-05, and 7200-01-03 are\n| impacted. An additional iFix is provided for AIX 7100-04-05. The \n| iFixes already provided for 7200-00 and 7200-01 cover 7200-00-05\n| and 7200-01-03.\n\n \nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc\nhttps://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc\nftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc\n\n\nSecurity Bulletin: Vulnerabilities in NTP affect AIX\n CVE-2017-6451 CVE-2017-6458 CVE-2017-6462 CVE-2017-6464\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX. 
\n\n\n===============================================================================\n\nI.VULNERABILITY DETAILS:\n\nNTPv4 is vulnerable to:\n\nCVEID: CVE-2017-6458\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458\nDESCRIPTION: NTP is vulnerable to a denial of service, caused by multiple buffer \noverflows in the ctl_put() functions. By sending an overly long string argument, \na remote authenticated attacker could exploit this vulnerability to overflow a \nbuffer and cause the application to crash.\nCVSS Base Score: 4.2\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123616 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H) \n\nCVEID: CVE-2017-6462\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462\nDESCRIPTION: NTP is vulnerable to a denial of service, caused by a buffer overflow \nin the legacy Datum Programmable Time Server refclock driver. By sending specially \ncrafted packets, a local authenticated attacker could exploit this vulnerability \nto overflow a buffer and cause a denial of service.\nCVSS Base Score: 1.6\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123611 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\nCVEID: CVE-2017-6464\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464\nDESCRIPTION: NTP is vulnerable to a denial of service. 
A remote authenticated attacker \ncould exploit this vulnerability using a malformed mode configuration directive to cause \nthe application to crash.\nCVSS Base Score: 4.2\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123610 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H) \n\nNTPv3 is vulnerable to:\n\nCVEID: CVE-2017-6451\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451\nDESCRIPTION: NTP could allow a local attacker to bypass security restrictions, caused by \nan out-of-bounds memory write when handling the return value of snprintf()/vsnprintf() \nfunctions. An attacker could exploit this vulnerability to overwrite a saved instruction \npointer on the stack and gain control over the execution flow.\nCVSS Base Score: 1.8\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123617 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)\n\nCVEID: CVE-2017-6458\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458\nDESCRIPTION: NTP is vulnerable to a denial of service, caused by multiple buffer \noverflows in the ctl_put() functions. By sending an overly long string argument, \na remote authenticated attacker could exploit this vulnerability to overflow a buffer \nand cause the application to crash.\nCVSS Base Score: 4.2\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123616 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\nCVEID: CVE-2017-6462\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462\nDESCRIPTION: NTP is vulnerable to a denial of service, caused by a buffer overflow \nin the legacy Datum Programmable Time Server refclock driver. 
By sending specially crafted \npackets, a local authenticated attacker could exploit this vulnerability to overflow a buffer \nand cause a denial of service.\nCVSS Base Score: 1.6\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123611 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\nCVEID: CVE-2017-6464\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464\nDESCRIPTION: NTP is vulnerable to a denial of service. A remote authenticated attacker \ncould exploit this vulnerability using a malformed mode configuration directive to cause \nthe application to crash.\nCVSS Base Score: 4.2\nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123610 \nfor the current score\nCVSS Environmental Score*: Undefined\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H) \n\n \nII. AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n \n For NTPv3:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S)\n ------------------------------------------------------------------\n bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs NTPv3\n bos.net.tcp.client 6.1.9.0 6.1.9.201 key_w_fs NTPv3\n bos.net.tcp.client 7.1.3.0 7.1.3.49 key_w_fs NTPv3\n bos.net.tcp.client 7.1.4.0 7.1.4.32 key_w_fs NTPv3\n bos.net.tcp.ntp 7.2.0.0 7.2.0.2 key_w_fs NTPv3\n bos.net.tcp.ntp 7.2.1.0 7.2.1.0 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.0.0 7.2.0.3 key_w_fs NTPv3\n bos.net.tcp.ntpd 7.2.1.0 7.2.1.1 key_w_fs NTPv3\n\n \n For NTPv4:\n\n Fileset Lower Level Upper Level KEY PRODUCT(S) \n -----------------------------------------------------------------\n ntp.rte 6.1.6.0 6.1.6.9 key_w_fs NTPv4\n ntp.rte 7.1.0.0 7.1.0.9 key_w_fs NTPv4\n \n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's\n guide.\n\n Example: lslpp -L 
| grep -i ntp.rte \n\n\nIII. REMEDIATION:\n\n \n A. FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix9.tar\n http://aix.software.ibm.com/aix/efixes/security/ntp_fix9.tar\n https://aix.software.ibm.com/aix/efixes/security/ntp_fix9.tar \n\n The links above are to a tar file containing this signed\n advisory, interim fixes, and OpenSSL signatures for each interim fix.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n For NTPv3:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 5.3.12.9 IV96305m9a.170518.epkg.Z key_w_fix NTPv3\n 6.1.9.7 IV96306m9a.170519.epkg.Z key_w_fix NTPv3\n 6.1.9.8 IV96306m9a.170519.epkg.Z key_w_fix NTPv3\n 6.1.9.9 IV96306m9a.170519.epkg.Z key_w_fix NTPv3\n 7.1.3.7 IV96307m9a.170518.epkg.Z key_w_fix NTPv3\n 7.1.3.8 IV96307m9a.170518.epkg.Z key_w_fix NTPv3\n 7.1.3.9 IV96307m9a.170518.epkg.Z key_w_fix NTPv3\n 7.1.4.2 IV96308m4a.170518.epkg.Z key_w_fix NTPv3\n 7.1.4.3 IV96308m4a.170518.epkg.Z key_w_fix NTPv3\n 7.1.4.4 IV96308m4a.170518.epkg.Z key_w_fix NTPv3\n| 7.1.4.5 IV96308m4b.171107.epkg.Z key_w_fix NTPv3\n 7.2.0.2 IV96309m4a.170518.epkg.Z key_w_fix NTPv3\n 7.2.0.3 IV96309m4a.170518.epkg.Z key_w_fix NTPv3\n 7.2.0.4 IV96309m4a.170518.epkg.Z key_w_fix NTPv3\n 7.2.0.5 IV96309m4a.170518.epkg.Z key_w_fix NTPv3\n 7.2.1.0 IV96310m2a.170519.epkg.Z key_w_fix NTPv3\n 7.2.1.1 IV96310m2a.170519.epkg.Z key_w_fix NTPv3\n 7.2.1.2 IV96310m2a.170519.epkg.Z key_w_fix NTPv3\n 7.2.1.3 IV96310m2a.170519.epkg.Z key_w_fix NTPv3\n\n\n VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)\n -----------------------------------------------------------\n 2.2.4.2x IV96306m9a.170519.epkg.Z key_w_fix NTPv3\n\n \n For NTPv4:\n\n AIX Level Interim Fix (*.Z) KEY PRODUCT(S)\n ----------------------------------------------------------\n 6.1.9.7 
IV96311m5a.170518.epkg.Z key_w_fix NTPv4\n 6.1.9.8 IV96311m5a.170518.epkg.Z key_w_fix NTPv4\n 6.1.9.9 IV96311m5a.170518.epkg.Z key_w_fix NTPv4 \n 7.1.3.7 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.1.3.8 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.1.3.9 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.1.4.2 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.1.4.3 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.1.4.4 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.2.0.2 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.2.0.3 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.2.0.4 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.2.1.0 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.2.1.1 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n 7.2.1.2 IV96312m5a.170518.epkg.Z key_w_fix NTPv4\n \n \n All fixes included are cumulative and address previously\n issued AIX NTP security bulletins with respect to SP and TL. \n\n To extract the fixes from the tar file:\n\n tar xvf ntp_fix9.tar\n cd ntp_fix9\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 <filename>\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 5fc5ac58dcc41f427bdd29da28cce00b5e90a0adf8f773592a21593bb7c0b72e IV96305m9a.170518.epkg.Z key_w_csum\n ed9469eea0622397eb9260fb8d0575562459a47c848d5a37a604f104833e9262 IV96306m9a.170519.epkg.Z key_w_csum\n 5ac9f3971dd2b090fe794b2e033230374c22d017ce8d93e8db91fa82ca820b69 IV96307m9a.170518.epkg.Z key_w_csum\n 770ceae338b4bdf6b3367abfc82c6c2d2fb0972c141434c434a60d5e230ca25a IV96308m4a.170518.epkg.Z key_w_csum\n| 2e9d5da20c67d8e7f47abc72c822fbc0dceff0ea0452a4002ab20f5478da1ece IV96308m4b.171107.epkg.Z key_w_csum\n 521c64dee9c966ad7f5347cd2983139045115a2ad48a8a8d1901c5e917f2e367 IV96309m4a.170518.epkg.Z key_w_csum\n 40cf7ffbf4476c8998164203f631fca4d1af12fe3494eb66e05217eaff6b3464 IV96310m2a.170519.epkg.Z key_w_csum\n 
0cf956028c6d25ef1de3a40b1b42544e35e2208913b332f05980932a4ff1c3c7 IV96311m5a.170518.epkg.Z key_w_csum\n 9c7d969d0a9127217d15781b2a596f41023b41db7d91f3cf4c6ad2e5d9e088c8 IV96312m5a.170518.epkg.Z key_w_csum\n\n \n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc.sig \n\n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n The fix will not take effect until any running xntpd servers\n have been stopped and restarted with the following commands:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n After installation the ntp daemon must be restarted:\n\n stopsrc -s xntpd\n startsrc -s xntpd\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n C. 
APARS\n \n IBM has assigned the following APARs to this problem:\n\n For NTPv3:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 5.3.12 IV96305 ** N/A key_w_apar NTPv3\n 6.1.9 IV96306 ** SP10 key_w_apar NTPv3\n 7.1.3 IV96307 ** N/A key_w_apar NTPv3\n 7.1.4 IV96308 ** SP6 key_w_apar NTPv3\n 7.2.0 IV96309 ** SP6 key_w_apar NTPv3\n 7.2.1 IV96310 ** SP4 key_w_apar NTPv3\n\n For NTPv4:\n\n AIX Level APAR Availability SP KEY PRODUCT(S)\n ------------------------------------------------------------\n 6.1.9 IV96311 ** SP10 key_w_apar NTPv4\n 7.1.3 IV96312 ** N/A key_w_apar NTPv4\n 7.1.4 IV96312 ** SP5 key_w_apar NTPv4\n 7.2.0 IV96312 ** SP5 key_w_apar NTPv4\n 7.2.1 IV96312 ** SP3 key_w_apar NTPv4\n\n ** Please refer to AIX support lifecycle information page for \n of Service Packs Support:\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1012517\n\n Subscribe to the APARs here:\n\n https://www.ibm.com/support/docview.wss?uid=isg1IV96305\n https://www.ibm.com/support/docview.wss?uid=isg1IV96306\n https://www.ibm.com/support/docview.wss?uid=isg1IV96307\n https://www.ibm.com/support/docview.wss?uid=isg1IV96308\n https://www.ibm.com/support/docview.wss?uid=isg1IV96309\n https://www.ibm.com/support/docview.wss?uid=isg1IV96310\n https://www.ibm.com/support/docview.wss?uid=isg1IV96311\n https://www.ibm.com/support/docview.wss?uid=isg1IV96312\n \n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n\nIV. 
WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n https://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\n\nACKNOWLEDGEMENTS:\n\n None \n\n\nCHANGE HISTORY:\n\n First Issued: Thu Jul 6 14:53:51 CDT 2017\n Updated: Wed Sep 13 11:08:51 CDT 2017\n Update 1: Corrected the impacted Upper Level fileset levels.\n The following NTPv3 VRMFs are vulnerable:\n AIX 6.1.9: bos.net.tcp.client up to and including 6.1.9.201.\n AIX 7.1.3: bos.net.tcp.client up to and including 7.1.3.49.\n AIX 7.1.4: bos.net.tcp.client up to and including 7.1.4.31.\n AIX 7.2.0: bos.net.tcp.ntpd up to and including 7.2.0.3.\n AIX 7.2.1: bos.net.tcp.ntpd up to and including 7.2.1.1.\n The following NTPv4 VRMFs are vulnerable:\n ntp.rte 6.1: up to and including 6.1.6.9.\n ntp.rte 7.1: up to and including 7.1.0.9.\n Updated: Fri Oct 20 08:30:30 CDT 2017 \n Update 2: Corrected the impacted Upper Level fileset 
levels for 7100-04.\n The following NTPv3 VRMFs are vulnerable:\n AIX 7.1.4: bos.net.tcp.client up to and including 7.1.4.32.\n Corrected the APAR section to show that the relevant APARs are\n shipping in 7100-04-06, 7200-00-06, and 7200-01-04.\n| Updated: Mon Nov 13 14:32:25 CST 2017 \n| Update 3: Clarified that AIX 7100-04-05, 7200-00-05, and 7200-01-03 are\n| impacted. An additional iFix is provided for AIX 7100-04-05. The \n| iFixes already provided for 7200-00 and 7200-01 cover 7200-00-05\n| and 7200-01-03.\n \n \n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n \n", "edition": 18, "modified": "2017-09-13T11:08:51", "published": "2017-07-06T14:53:51", "id": "NTP_ADVISORY9.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc", "title": "There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact VIOS", "type": "aix", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2021-01-13T08:41:57", "bulletinFamily": "software", "cvelist": ["CVE-2016-6459", "CVE-2016-9042", "CVE-2017-6451", "CVE-2017-6452", "CVE-2017-6455", "CVE-2017-6458", "CVE-2017-6459", "CVE-2017-6460", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "### SUMMARY \n\nSymantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service through application crashes. A local attacker can exploit these vulnerabilities to execute arbitrary code. \n \n\n\n### AFFECTED PRODUCTS \n\nThe following products are vulnerable:\n\n**Content Analysis (CA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-9042, CVE-2017-6460, \nCVE-2017-6463, CVE-2017-6464 | 2.2 and later | Not vulnerable, fixed in 2.2.1.1. \n2.1 | Upgrade to later release with fixes. \n1.3 | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2017-6452 and CVE-2016-6459 | 6.1 | Upgrade to a version of MC with the fixes. 
\n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-9042, CVE-2017-6460, \nCVE-2017-6463, CVE-2017-6464 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-9042, CVE-2017-6460, \nCVE-2017-6463, CVE-2017-6464 | 1.11 and later | Not vulnerable, fixed in 1.11.1.1. \n1.10 | Upgrade to later release with fixes. \n1.9 | Upgrade to later release with fixes. \n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-9042 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to later release with fixes. \nCVE-2017-6462, CVE-2017-6463, \nCVE-2017-6464 | 10.5 | Not vulnerable, fixed in 10.5.1.1 \n10.3, 10.4 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n10.2 | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \nAll CVEs | 9.4, 9.5 | Not vulnerable \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-9042, CVE-2017-6460, \nCVE-2017-6455, CVE-2017-6458 | 7.3 and later | Not vulnerable, fixed in 7.3.1 \nCVE-2016-9042, CVE-2017-6460 | 7.2 | Not available at this time \nCVE-2017-6455, CVE-2017-6458 | 7.2 | Not available at this time \n7.1 | Upgrade to later release with fixes. \nCVE-2017-6462, CVE-2017-6463, \nCVE-2017-6464 | 8.1 | Not vulnerable, fixed in 8.1.1 \n7.3, 8.0 | Upgrade to later release with fixes. \n7.2 | Upgrade to 7.2.3. \n7.1 | Upgrade to later release with fixes. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 4.1 and later | Not vulnerable, fixed in 4.1.1.1 \nCVE-2016-9042, CVE-2017-6460, \nCVE-2017-6463, CVE-2017-6464 | 4.0 | Upgrade to later release with fixes. 
\n \nCVE-2017-6463, CVE-2017-6464\n\n| 3.12 | Upgrade to later release with fixes. \n3.11 | Upgrade to later release with fixes. \n3.10 | Upgrade to later release with fixes. \n3.8.4FC, 3.9 | Upgrade to later release with fixes. \n \n \n\nThe following products contain a vulnerable version of the ntp.org NTP reference implementation, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2017-6451, CVE-2017-6452, and CVE-2017-6459 | 7.1 and later | Not vulnerable, fixed in 7.1.1.1 \n6.7 | Upgrade to 6.7.3.1. \n6.6 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nSymantec Network Protection products do not enable or use all functionality within the ntp.org NTP reference implementation. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** all CVEs except CVE-2017-6451, CVE-2017-6452, and CVE-2017-6459\n * **CA:** CVE-2017-6455, CVE-2017-6458, and CVE-2017-6462\n * **MTD:** CVE-2017-6455, CVE-2017-6458, and CVE-2017-6462\n * **MC:** CVE-2017-6455, CVE-2017-6458, and CVE-2017-6462\n * **Reporter 10.1, 10.3, 10.4:** CVE-2017-6451 (10.1 only), CVE-2017-6458 (10.1 only), CVE-2017-6460 (10.1 only), CVE-2017-6462, CVE-2017-6463, CVE-2017-6464\n * **SSLV:** CVE-2017-6455, CVE-2017-6458, and CVE-2017-6462\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nSymantec HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data 
Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nMalware Analysis \nNorman Shark Industrial Control System Protection \nNorman Shark Network Protection \nNorman Shark SCADA Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG** \n**Unified Agent \nWeb Isolation** \n \nThe following products are under investigation: \n**X-Series XOS \n \n**\n\n### ISSUES \n\n**CVE-2016-9042** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 97046](<https://www.securityfocus.com/bid/97046>) / Red Hat: [CVE-2016-9042](<https://access.redhat.com/security/cve/cve-2016-9042>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpd origin timestamp validation allows a remote attacker who can spoof packets from a configured time server to cause ntpd to discard responses from that server. A remote attacker who can spoof packets from all configured time servers can prevent ntpd from adjusting the system time, resulting in denial of service. \n \n \n\n**CVE-2017-6451** \n--- \n**Severity / CVSSv2** | Medium / 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 97058](<http://www.securityfocus.com/bid/97058>) / NVD: [CVE-2017-6451](<https://nvd.nist.gov/vuln/detail/CVE-2017-6451>) \n**Impact** | Code execution \n**Description** | An out-of-bounds write flaw in the legacy MX4200 refclock allows a local attacker to execute arbitrary code via unspecified vectors. 
\n \n \n\n**CVE-2017-6452** \n--- \n**Severity / CVSSv2** | Medium / 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 97078](<http://www.securityfocus.com/bid/97078>) / NVD: [CVE-2017-6452](<https://nvd.nist.gov/vuln/detail/CVE-2017-6452>) \n**Impact** | Unspecified \n**Description** | An out-of-bounds write flaw in the NTP library Windows installer allows a local attacker to pass in a crafted application path and have unspecified impact. \n \n \n\n**CVE-2017-6455** \n--- \n**Severity / CVSSv2** | Medium / 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 97074](<https://www.securityfocus.com/bid/97074>) / NVD: [CVE-2017-6455](<https://nvd.nist.gov/vuln/detail/CVE-2017-6455>) \n**Impact** | Code execution \n**Description** | A flaw in ntpd under Windows NT allows a local attacker to specify a malicious DLL in the PPSAPI_DLLS environment variable and execute arbitrary code within ntpd. \n \n \n\n**CVE-2017-6458** \n--- \n**Severity / CVSSv2** | Medium / 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 97051](<https://www.securityfocus.com/bid/97051>) / NVD: [CVE-2017-6458](<https://nvd.nist.gov/vuln/detail/CVE-2017-6458>) \n**Impact** | Unspecified \n**Description** | A flaw in ntpd allows a remote attacker to send query requests and have unspecified impact. Successful exploitation requires the query responses to include custom variables with long names, which have been pre-configured in the ntpd configuration file. \n \n \n\n**CVE-2017-6459** \n--- \n**Severity / CVSSv2** | Low / 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 97076](<https://www.securityfocus.com/bid/97076>) / NVD: [CVE-2017-6459](<https://nvd.nist.gov/vuln/detail/CVE-2017-6459>) \n**Impact** | Unspecified \n**Description** | A flaw in the NTP library Windows installer allows local attackers to have unspecified impact via vectors related to an argument with multiple NULL bytes. 
\n \n \n\n**CVE-2017-6460** \n--- \n**Severity / CVSSv2** | Medium / 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 97052](<https://www.securityfocus.com/bid/97052>) / NVD: [CVE-2017-6460](<https://nvd.nist.gov/vuln/detail/CVE-2017-6460>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in ntpq allows a malicious remote NTP server to send a crafted list response and cause a stack-based buffer overflow. The malicious server can execute arbitrary code on the host running ntpq or cause ntpq to crash. \n \n \n\n**CVE-2017-6462** \n--- \n**Severity / CVSSv2** | Medium / 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 97045](<https://www.securityfocus.com/bid/97045>) / NVD: [CVE-2017-6462](<https://nvd.nist.gov/vuln/detail/CVE-2017-6462>) \n**Impact** | Unspecified \n**Description** | A flaw in the legacy Datum Programmable Time Server (DPTS) refclock driver allows local attackers to cause a buffer overflow in ntpd via a crafted /dev/datum device file, and have unspecified impact. \n \n \n\n**CVE-2017-6463** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 97049](<https://www.securityfocus.com/bid/97049>) / NVD: [CVE-2017-6463](<https://nvd.nist.gov/vuln/detail/CVE-2017-6463>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpd allows a remote authenticated attacker to send a crafted unpeer configuration request and cause ntpd to crash, resulting in denial of service. 
\n \n \n\n**CVE-2017-6464** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 97050](<https://www.securityfocus.com/bid/97050>) / NVD: [CVE-2017-6464](<https://nvd.nist.gov/vuln/detail/CVE-2017-6464>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpd allows a remote authenticated attacker to send a crafted mode configuration request and cause ntpd to crash, resulting in denial of service. \n \n \n\n### MITIGATION \n\nThese vulnerabilities can be exploited only through the management network port for Director, MTD, MC, and SSLV. Allowing only machines, IP addresses and subnets from a trusted network to access the management network port reduces the threat of exploiting the vulnerabilities.\n\nBy default, Director does not use the PPSAPI_DLLS environment variable, custom variables with long names, and the DPTS refclock. Customers who leave these NTP features disabled prevent attacks against Director using CVE-2017-6455, CVE-2017-6458, and CVE-2017-6462.\n\nBy default, Security Analytics does not use the PPSAPI_DLLS environment variable, custom variables with long names, ntpq, and the DPTS refclock. Customers who leave these NTP features disabled prevent attacks against Director using CVE-2017-6455, CVE-2017-6458, CVE-2017-6460, and CVE-2017-6462. \n \n\n\n### REFERENCES \n\nNTP Security Notice - <https://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu> \n \n\n\n### REVISION \n\n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-17 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. 
A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-04-28 Reporter 10.3 and 10.4 are not vulnerable to CVE-2016-9042. \n2020-04-23 Advanced Secure Gateway (ASG) 7.1 and later versions are not vulnerable because a fix is available in 7.1.1.1. Fixes for Reporter 10.3 and 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Security Analytics 8.1 is not vulnerable because a fix is available in 8.1.1. \n2019-10-02 Web Isolation is not vulnerable. \n2019-08-29 Reporter 10.1 is vulnerable to CVE-2016-9042. Reporter 10.2 is not vulnerable because a fix for all CVEs is available in 10.2.1.1. Reporter 10.3 and 10.4 have vulnerable versions of the NTP reference implementation, but are not vulnerable to known vectors of attack. \n2019-08-08 SSLV 3.x is not vulnerable to CVE-2017-6460. \n2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-21 SA 7.3 starting with 7.3.2 and 8.0 are vulnerable to CVE-2017-6462, CVE-2017-6463, and CVE-2017-6464. \n2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. Added remaining CVSS v2 scores from NVD. \n2018-08-07 A fix for CA 1.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-06-25 A fix for SSLV 3.11 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-26 A fix for SSLV 4.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 CA 2.3 is not vulnerable. \n2018-01-31 A fix for ASG 6.7 is available in 6.7.3.1. \n2017-11-09 MC 1.11 is not vulnerable because a fix is available in 1.11.1.1. A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2017-11-08 CAS 2.2 is not vulnerable because a fix is available in 2.2.1.1. \n2017-11-06 ASG 6.7 has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2017-08-03 SSLV 4.1 is not vulnerable because a fix is available in 4.1.1.1. \n2017-07-23 MC 1.10 is vulnerable to CVE-2016-9042, CVE-2017-6460, CVE-2017-6463, and CVE-2017-6464. It also has a vulnerable version of the NTP reference implementation for CVE-2017-6455, CVE-2017-6458, and CVE-2017-6462. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-06-22 Security Analytics 7.3 is not vulnerable because a fix is available in 7.3.1. \n2017-05-19 CA 2.1 is vulnerable to CVE-2016-9042, CVE-2017-6460, CVE-2017-6463, and CVE-2017-6464. \n2017-05-05 Security Analytics 7.1 and 7.2 are vulnerable to CVE-2017-6458, CVE-2017-6462, CVE-2017-6463, and CVE-2017-6464. Security Analytics 7.2 is also vulnerable to CVE-2016-9042 and CVE-2017-6460. \n2017-04-13 initial public release\n", "modified": "2021-01-13T07:43:51", "published": "2017-04-13T08:00:00", "id": "SMNTC-1403", "href": "", "type": "symantec", "title": "SA147 : March 2017 NTP Security Vulnerabilities", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. 
(CVE-2017-6463, CVE-2017-6464)\n\n* A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. (CVE-2017-6462)\n\nRed Hat would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues.", "modified": "2018-06-07T18:23:48", "published": "2017-10-26T10:19:03", "id": "RHSA-2017:3071", "href": "https://access.redhat.com/errata/RHSA-2017:3071", "type": "redhat", "title": "(RHSA-2017:3071) Moderate: ntp security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463)\n\n* ntp: Denial of Service via Malformed Config (CVE-2017-6464)\n\n* ntp: Buffer Overflow in DPTS Clock (CVE-2017-6462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the NTP project for reporting these issues. 
Upstream acknowledges Cure53 as the original reporter of these issues.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-04-10T10:46:57", "published": "2018-04-10T09:02:34", "id": "RHSA-2018:0855", "href": "https://access.redhat.com/errata/RHSA-2018:0855", "type": "redhat", "title": "(RHSA-2018:0855) Moderate: ntp security, bug fix, and enhancement update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:38:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "**CentOS Errata and Security Advisory** CESA-2017:3071\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)\n\n* A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. (CVE-2017-6462)\n\nRed Hat would like to thank the NTP project for reporting these issues. 
Upstream acknowledges Cure53 as the original reporter of these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/034646.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\n\n**Upstream details at:**\n", "edition": 4, "modified": "2017-10-26T11:47:10", "published": "2017-10-26T11:47:10", "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/034646.html", "id": "CESA-2017:3071", "type": "centos", "title": "ntp, ntpdate security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464"], "description": "**CentOS Errata and Security Advisory** CESA-2018:0855\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463)\n\n* ntp: Denial of Service via Malformed Config (CVE-2017-6464)\n\n* ntp: Buffer Overflow in DPTS Clock (CVE-2017-6462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the NTP project for reporting these issues. 
Upstream acknowledges Cure53 as the original reporter of these issues.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-April/004998.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\nsntp\n\n**Upstream details at:**\n", "edition": 3, "modified": "2018-04-26T17:47:34", "published": "2018-04-26T17:47:34", "id": "CESA-2018:0855", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-April/004998.html", "title": "ntp, ntpdate, sntp security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T12:01:00", "description": "### Summary\r\nAn exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.\r\n\r\n### Tested Versions\r\nNTP 4.2.8p9\r\n\r\n### Product URLs\r\nhttp://www.ntp.org\r\n\r\n### CVSSv3 Score\r\nCVSSv2: 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3: 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\r\n\r\n### Details\r\nIn most modes, NTP prevents spoofing by off-path attackers by verifying that the origin timestamp of an incoming NTP packet matches the transmit timestamp on the daemon's last outgoing packet --- using the transmit and origin timestamps as a per-request nonce. This test is described in RFC 5905 and dubbed TEST2 in ntpd's source code. 
To prevent an NTP daemon from accepting responses to duplicated request packets, RFC 5095 also specifies that the expected origin timestamp should be set to zero after successfully validating the origin timestamp of an incoming packet. Unfortunately, ntpd releases before 4.2.8p9 did not correctly reject incoming packets bearing a zero origin timestamp. This allowed a trivial bypass of TEST2, the origin timestamp check, by setting the origin timestamp on spoofed packets equal to zero (CVE-2015-8138,CVE-2016-7431).\r\n\r\nntp-4.2.8p9 fixes CVE-2015-8138 by rejecting packets with zero origin timestamps in all modes where that is not expected legitimate behavior. However, for reasons unknown, before rejecting a packet bearing a zero origin timestamp, ntp-4.2.8p9 clears the expected origin timestamp (peer->aorg) as can be seen in the following abstracted code:\r\n```\r\nif (0) {\r\n} else if (L_ISZERO(&p_org)) {\r\n char *action;\r\n\r\n L_CLR(&peer->aorg);\r\n ...\r\n peer->bogusorg++;\r\n peer->flash |= TEST2; /* bogus */\r\n ... /* packet will be dropped */\r\n} else if (!L_ISEQU(&p_org, &peer->aorg)) {\r\n peer->bogusorg++;\r\n peer->flash |= TEST2; /* bogus */\r\n ... /* packet will be dropped */\r\n} else {\r\n L_CLR(&peer->aorg);\r\n}\r\n```\r\n\r\nThis leads to a trivial denial of service. An unauthenticated network attacker who knows the address of one of the peers of a victim ntpd process can send the victim ntpd spoofed packets with the source address of the peer and a zero origin timestamp in order to reset peer->aorg for that peer. This will cause the next packet sent from the peer to fail the origin timestamp check (TEST2) and be dropped. 
The attacker can repeat this each poll period for all known peers in order to prevent their packets from being accepted by the victim ntpd.\r\n\r\nThis attack is very effective against symmetric associations where the duration between an outgoing packet from the victim ntpd and its \"response\" will be on the order of seconds to minutes. The attack is more difficult for client-server associations where the request-response window is likely to be on the order of milliseconds. However, if the attacker can observe the victim ntpd's request packet, it can attempt to race the remote peer's legitimate response.\r\n\r\nAn attacker can learn the currently selected peer of a victim ntpd process by sending the victim a client mode request and reading the peer's address from the refid field of the victim's response. This allows the attacker to target the currently selected peer one at a time until it has learned and targeted all peers of the victim ntpd process. If the victim allows NTP control queries or the attacker can observe the victim's NTP traffic, the attacker can easily learn all the victim's peers.\r\n\r\nThe call to L_CLR(&peer->aorg) when a zero-origin timestamp packet is received appears unnecessary and should be removed. To see that clearing peer->aorg is unnecessary, let's consider the operation of each NTP mode in turn after omitting the L_CLR(&peer->aorg):\r\n\r\n* Client-Server: Servers are stateless, so the change has no effect on them. Clients should not be sending requests with zero transmit timestamps and, therefore, should not be receiving responses with zero origin timestamps. 
Thus, removing the L_CLR(&peer->aorg) should have no effect on legitimate client-server behavior.\r\n* Broadcast: Broadcast packets are handled separately and thus are not influenced by the behavior of this code.\r\n* Symmetric (Active and Passive): When two symmetric peers are synchronized to a legitimate time source (0 < stratum < 16) and the association between them is fully operational, the origin timestamp on incoming packets will be non-zero and equal to peer->aorg, thus avoiding the L_CLR(&peer->aorg). The interesting cases occur when there is packet loss or one peer resets their association (e.g. ntpd is restarted).\r\n\r\n\r\nWithout loss of generality, let A be the sender and B the recipient of the first packet with pkt->org != peer->aorg. If A reset its association with B, pkt->org == 0. Otherwise, pkt->org != 0 && pkt->org != peer->aorg. In either case, B will mark the packet as having failed TEST2. However, if the packet is authenticated correctly for the association, B will update peer->xmt = pkt->xmt before rejecting the packet due to failing TEST2. In B's next packet to A, it will set pkt->org = peer->xmt and peer->aorg = pkt->xmt, ensuring that the packet will pass TEST2 at A, causing it to be accepted by A, and overwriting any previous value of peer->aorg at B. A will update its peer variables for B as well, ensuring that A's next packet will be accepted by B. From this point on, the symmetric association between A and B has successfully resynchronized.\r\n\r\nThus, we see that recovery from packet loss or peer restart is not hampered by allowing peer->aorg to maintain its previous value when a packet with a zero origin timestamp is received. 
Further to the point, ntpd versions prior to ntp-4.2.8p6 did not clear peer->aorg upon receipt of a packet bearing a zero origin timestamp.\r\n\r\n### Mitigation\r\nThe only ntpd-based mitigations for this vulnerability are to try to make it harder for an attacker to guess the peers of ntpd instances and to monitor ntpd logs for messages such as the following:\r\n```\r\nntpd[16767]: receive: Drop 0 origin timestamp from sym_active@192.168.33.12 xmt 0xdbe84918.63324800\r\n\r\nntpd[16767]: receive: Unexpected origin timestamp 0xdbe849a1.279a6fea does not match aorg 0000000000.00000000 from sym_active@192.168.33.12 xmt 0xdbe849a4.52a12e3a\r\n```\r\nAll ntpd instances should be configured to block control queries from untrusted servers. This is best practice.\r\n\r\nAll ntpd clients should block all incoming traffic that does not originate from a known peer address. This can be accomplished with a stateful firewall.\r\n\r\nBecause peer->aorg is cleared before authentication is enforced, enabling NTP authentication does not prevent exploitation of this vulnerability.\r\n### Timeline\r\n* 2017-01-04 - Vendor Disclosure\r\n* 2017-03-29 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Matthew Van Gundy of Cisco ASIG.", "published": "2017-09-20T00:00:00", "type": "seebug", "title": "Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8138", "CVE-2016-7431", "CVE-2016-9042"], "modified": "2017-09-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96543", "id": "SSV:96543", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "ubuntu": [{"lastseen": "2020-07-02T11:34:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2017-6460", "CVE-2016-7433", "CVE-2017-6458", "CVE-2016-7427", "CVE-2016-9042", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-2519", 
"CVE-2016-7428", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426", "CVE-2016-7431"], "description": "Yihan Lian discovered that NTP incorrectly handled certain large request \ndata values. A remote attacker could possibly use this issue to cause NTP \nto crash, resulting in a denial of service. This issue only affected \nUbuntu 16.04 LTS. (CVE-2016-2519)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed \naddresses when performing rate limiting. A remote attacker could possibly \nuse this issue to perform a denial of service. This issue only affected \nUbuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted \nbroadcast mode packets. A remote attacker could possibly use this issue to \nperform a denial of service. This issue only affected Ubuntu 14.04 LTS, \nUbuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain responses. \nA remote attacker could possibly use this issue to perform a denial of \nservice. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and \nUbuntu 16.10. (CVE-2016-7429)\n\nSharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly \nhandled origin timestamps of zero. A remote attacker could possibly use \nthis issue to bypass the origin timestamp protection mechanism. This issue \nonly affected Ubuntu 16.10. (CVE-2016-7431)\n\nBrian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP \nincorrectly performed initial sync calculations. This issue only applied \nto Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)\n\nMagnus Stubman discovered that NTP incorrectly handled certain mrulist \nqueries. A remote attacker could possibly use this issue to cause NTP to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 16.10. 
(CVE-2016-7434)\n\nMatthew Van Gundy discovered that NTP incorrectly handled origin timestamp \nchecks. A remote attacker could possibly use this issue to perform a denial \nof service. This issue only affected Ubuntu 16.10 and Ubuntu 17.04. \n(CVE-2016-9042)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control \nmode packets. A remote attacker could use this issue to set or unset traps. \nThis issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu \n16.10. (CVE-2016-9310)\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. \nA remote attacker could possibly use this issue to cause NTP to crash, \nresulting in a denial of service. This issue only applied to Ubuntu 14.04 \nLTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)\n\nIt was discovered that NTP incorrectly handled memory when processing long \nvariables. A remote authenticated user could possibly use this issue to \ncause NTP to crash, resulting in a denial of service. (CVE-2017-6458)\n\nIt was discovered that NTP incorrectly handled memory when processing long \nvariables. A remote authenticated user could possibly use this issue to \ncause NTP to crash, resulting in a denial of service. This issue only \napplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly \nhandled the /dev/datum device. A local attacker could possibly use this \nissue to cause a denial of service. (CVE-2017-6462)\n\nIt was discovered that NTP incorrectly handled certain invalid settings \nin a :config directive. A remote authenticated user could possibly use \nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6463)\n\nIt was discovered that NTP incorrectly handled certain invalid mode \nconfiguration directives. A remote authenticated user could possibly use \nthis issue to cause NTP to crash, resulting in a denial of service. 
\n(CVE-2017-6464)", "edition": 5, "modified": "2017-07-05T00:00:00", "published": "2017-07-05T00:00:00", "id": "USN-3349-1", "href": "https://ubuntu.com/security/notices/USN-3349-1", "title": "NTP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:38:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2018-7185", "CVE-2018-7183", "CVE-2016-7427", "CVE-2017-6462", "CVE-2017-6463", "CVE-2016-7428", "CVE-2016-9310", "CVE-2016-7426"], "description": "USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed \naddresses when performing rate limiting. A remote attacker could possibly \nuse this issue to perform a denial of service. (CVE-2016-7426)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted \nbroadcast mode packets. A remote attacker could possibly use this issue to \nperform a denial of service. (CVE-2016-7427, CVE-2016-7428)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control \nmode packets. A remote attacker could use this issue to set or unset traps. \n(CVE-2016-9310)\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. \nA remote attacker could possibly use this issue to cause NTP to crash, resulting \nin a denial of service. (CVE-2016-9311)\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly handled \nthe /dev/datum device. A local attacker could possibly use this issue to cause \na denial of service. (CVE-2017-6462)\n\nIt was discovered that NTP incorrectly handled certain invalid settings in a \n:config directive. A remote authenticated user could possibly use this issue \nto cause NTP to crash, resulting in a denial of service. 
(CVE-2017-6463)\n\nMichael Macnair discovered that NTP incorrectly handled certain responses. \nA remote attacker could possibly use this issue to execute arbitrary code. \n(CVE-2018-7183)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain \nzero-origin timestamps. A remote attacker could possibly use this issue to \ncause a denial of service. (CVE-2018-7185)", "edition": 4, "modified": "2019-01-23T00:00:00", "published": "2019-01-23T00:00:00", "id": "USN-3707-2", "href": "https://ubuntu.com/security/notices/USN-3707-2", "title": "NTP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "software", "cvelist": ["CVE-2016-7434", "CVE-2016-9311", "CVE-2017-6460", "CVE-2016-7433", "CVE-2017-6458", "CVE-2016-7427", "CVE-2016-9042", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-2519", "CVE-2016-7428", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426", "CVE-2016-7431"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nYihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. ([CVE-2016-2519](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2519>))\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. ([CVE-2016-7426](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7426>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. 
A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. ([CVE-2016-7427](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7427>), [CVE-2016-7428](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7428>))\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. ([CVE-2016-7429](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7429>))\n\nSharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. ([CVE-2016-7431](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7431>))\n\nBrian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-7433](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7433>))\n\nMagnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-7434](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7434>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 16.10 and Ubuntu 17.04. ([CVE-2016-9042](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9042>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. 
A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-9310](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9310>))\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-9311](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9311>))\n\nIt was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. ([CVE-2017-6458](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6458>))\n\nIt was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. ([CVE-2017-6460](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6460>))\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. ([CVE-2017-6462](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6462>))\n\nIt was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. ([CVE-2017-6463](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6463>))\n\nIt was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. 
([CVE-2017-6464](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6464>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.32\n * 3363.x versions prior to 3363.29\n * 3421.x versions prior to 3421.18\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.137.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions prior to 3312.32\n * Upgrade 3363.x versions prior to 3363.29\n * Upgrade 3421.x versions prior to 3421.18\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.137.0 or later.\n\n# References\n\n * [USN-3349-1](<http://www.ubuntu.com/usn/usn-3349-1/>)\n * [CVE-2016-2519](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2519>)\n * [CVE-2016-7426](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7426>)\n * [CVE-2016-7427](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7427>)\n * [CVE-2016-7428](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7428>)\n * [CVE-2016-7429](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7429>)\n * [CVE-2016-7431](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7431>)\n * [CVE-2016-7433](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7433>)\n * [CVE-2016-7434](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7434>)\n * [CVE-2016-9042](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9042>)\n * [CVE-2016-9310](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9310>)\n * [CVE-2016-9311](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9311>)\n * 
[CVE-2017-6458](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6458>)\n * [CVE-2017-6460](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6460>)\n * [CVE-2017-6462](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6462>)\n * [CVE-2017-6463](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6463>)\n * [CVE-2017-6464](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6464>)\n", "edition": 5, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "CFOUNDRY:8722C197C1671303FFCA9E919368B734", "href": "https://www.cloudfoundry.org/blog/usn-3349-1/", "title": "USN-3349-1: NTP vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5211", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2018-12327", "CVE-2017-6464"], "description": "[4.2.6p5-15.0.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-15]\n- fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)\n[4.2.6p5-14]\n- fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)\n[4.2.6p5-13]\n- fix buffer overflow in datum refclock driver (CVE-2017-6462)\n- fix crash with invalid unpeer command (CVE-2017-6463)\n- fix potential crash with invalid server command (CVE-2017-6464)", "edition": 2, "modified": "2018-12-19T00:00:00", "published": "2018-12-19T00:00:00", "id": "ELSA-2018-3854", "href": "http://linux.oracle.com/errata/ELSA-2018-3854.html", "title": "ntp security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:08:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9311", "CVE-2016-7433", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426"], "description": "[4.2.6p5-28.0.1]\n- Bump release to avoid ULN 
conflict with Oracle modified errata.\n[4.2.6p5-28]\n- fix buffer overflow in datum refclock driver (CVE-2017-6462)\n- fix crash with invalid unpeer command (CVE-2017-6463)\n- fix potential crash with invalid server command (CVE-2017-6464)\n- add Spectracom TSYNC driver (#1491797)\n- fix initialization of system clock status (#1493452)\n- fix typos in ntpd man page (#1420453)\n- use SHA1 request key by default (#1442083)\n- use network-online target in ntpdate and sntp services (#1466947)\n[4.2.6p5-27]\n- fix CVE-2016-7429 patch to work correctly on multicast client (#1422944)\n[4.2.6p5-26]\n- don't limit rate of packets from sources (CVE-2016-7426)\n- don't change interface from received packets (CVE-2016-7429)\n- fix calculation of root distance again (CVE-2016-7433)\n- require authentication for trap commands (CVE-2016-9310)\n- fix crash when reporting peer event to trappers (CVE-2016-9311)", "edition": 5, "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "ELSA-2018-0855", "href": "http://linux.oracle.com/errata/ELSA-2018-0855.html", "title": "ntp security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2016-9311", "CVE-2016-1550", "CVE-2013-5211", "CVE-2016-7433", "CVE-2015-7979", "CVE-2016-1547", "CVE-2017-6462", "CVE-2016-7429", "CVE-2017-6463", "CVE-2016-9310", "CVE-2017-6464", "CVE-2016-7426"], "description": "[4.2.6p5-12.0.1.el6_9.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-12.el6_9.1]\n- fix buffer overflow in datum refclock driver (CVE-2017-6462)\n- fix crash with invalid unpeer command (CVE-2017-6463)\n- fix potential crash with invalid server command (CVE-2017-6464)\n[4.2.6p5-12]\n- don't limit rate of packets from sources (CVE-2016-7426)\n- don't change interface from received packets (CVE-2016-7429)\n- fix 
calculation of root distance again (CVE-2016-7433)\n- require authentication for trap commands (CVE-2016-9310)\n- fix crash when reporting peer event to trappers (CVE-2016-9311)\n[4.2.6p5-11]\n- don't allow spoofed packets to demobilize associations (CVE-2015-7979,\n CVE-2016-1547)\n- don't allow spoofed packet to enable symmetric interleaved mode\n (CVE-2016-1548)\n- check mode of new source in config command (CVE-2016-2518)\n- make MAC check resilient against timing attack (CVE-2016-1550)", "edition": 4, "modified": "2017-10-26T00:00:00", "published": "2017-10-26T00:00:00", "id": "ELSA-2017-3071", "href": "http://linux.oracle.com/errata/ELSA-2017-3071.html", "title": "ntp security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "paloalto": [{"lastseen": "2020-12-24T13:20:55", "bulletinFamily": "software", "cvelist": ["CVE-2017-6460"], "description": "The Network Time Protocol (NTP) library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall. (Ref # PAN-76130 / CVE-2017-6460)\nSuccessful exploitation of this issue requires an attacker to be on the management interface.\nThis issue affects PAN-OS 6.1, PAN-OS 7.0.17 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.3 and earlier\n\n**Work around:**\nPalo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. 
Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.\n", "edition": 6, "modified": "2017-07-27T17:15:00", "published": "2017-07-27T17:15:00", "id": "PAN-SA-2017-0022", "href": "https://securityadvisories.paloaltonetworks.com/CVE-2017-6460", "title": "NTP Vulnerability", "type": "paloalto", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "talos": [{"lastseen": "2020-07-01T21:24:56", "bulletinFamily": "info", "cvelist": ["CVE-2015-8138", "CVE-2016-9042", "CVE-2016-7431"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0260\n\n## Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability\n\n##### March 29, 2017\n\n##### CVE Number\n\nCVE-2016-9042\n\n### Summary\n\nAn exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.\n\n### Tested Versions\n\nNTP 4.2.8p9\n\n### Product URLs\n\nhttp://www.ntp.org\n\n### CVSSv3 Score\n\nCVSSv2: 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3: 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n\n### Details\n\nIn most modes, NTP prevents spoofing by off-path attackers by verifying that the origin timestamp of an incoming NTP packet matches the transmit timestamp on the daemon\u2019s last outgoing packet \u2014 using the transmit and origin timestamps as a per-request nonce. This test is described in RFC 5905 and dubbed `TEST2` in ntpd\u2019s source code. 
To prevent an NTP daemon from accepting responses to duplicated request packets, RFC 5095 also specifies that the expected origin timestamp should be set to zero after successfully validating the origin timestamp of an incoming packet. Unfortunately, ntpd releases before 4.2.8p9 did not correctly reject incoming packets bearing a zero origin timestamp. This allowed a trivial bypass of TEST2, the origin timestamp check, by setting the origin timestamp on spoofed packets equal to zero (CVE-2015-8138,CVE-2016-7431).\n\nntp-4.2.8p9 fixes CVE-2015-8138 by rejecting packets with zero origin timestamps in all modes where that is not expected legitimate behavior. However, for reasons unknown, before rejecting a packet bearing a zero origin timestamp, ntp-4.2.8p9 clears the expected origin timestamp (peer->aorg) as can be seen in the following abstracted code:\n \n \n if (0) {\n } else if (L_ISZERO(&p_org)) {\n char *action;\n \n L_CLR(&peer->aorg);\n ...\n peer->bogusorg++;\n peer->flash |= TEST2;\t/* bogus */\n ... /* packet will be dropped */\n } else if (!L_ISEQU(&p_org, &peer->aorg)) {\n peer->bogusorg++;\n peer->flash |= TEST2; /* bogus */\n ... /* packet will be dropped */\n } else {\n L_CLR(&peer->aorg);\n }\n \n\nThis leads to a trivial denial of service. An unauthenticated network attacker who knows the address of one of the peers of a victim ntpd process can send the victim ntpd spoofed packets with the source address of the peer and a zero origin timestamp in order to reset peer->aorg for that peer. This will cause the next packet sent from the peer to fail the origin timestamp check (TEST2) and be dropped. The attacker can repeat this each poll period for all known peers in order to prevent their packets from being accepted by the victim ntpd.\n\nThis attack is very effective against symmetric associations where the duration between an outgoing packet from the victim ntpd and its \u201cresponse\u201d will be on the order of seconds to minutes. 
The attack is more difficult for client-server associations where the request-response window is likely to be on the order of milliseconds. However, if the attacker can observe the victim ntpd\u2019s request packet, it can attempt to race the remote peer\u2019s legitimate response.\n\nAn attacker can learn the currently selected peer of a victim ntpd process by sending the victim a client mode request and reading the peer\u2019s address from the refid field of the victim\u2019s response. This allows the attacker to target the currently selected peer one at a time until it has learned and targeted all peers of the victim ntpd process. If the victim allows NTP control queries or the attacker can observe the victim\u2019s NTP traffic, the attacker can easily learn all the victim\u2019s peers.\n\nThe call to L_CLR(&peer->aorg) when a zero-origin timestamp packet is received appears unnecessary and should be removed. To see that clearing peer->aorg is unnecessary, let\u2019s consider the operation of each NTP mode in turn after omitting the L_CLR(&peer->aorg):\n\n * Client-Server: Servers are stateless, so the change has no effect on them. Clients should not be sending requests with zero transmit timestamps and, therefore, should not be receiving responses with zero origin timestamps. Thus, removing the L_CLR(&peer->aorg) should have no effect on legitimate client-server behavior.\n\n * Broadcast: Broadcast packets are handled separately and thus are not influenced by the behavior of this code.\n\n * Symmetric (Active and Passive): When two symmetric peers are synchronized to a legitimate time source (0 < stratum < 16) and the association between them is fully operational, the origin timestamp on incoming packets will be non-zero and equal to peer->aorg, thus avoiding the L_CLR(&peer->aorg). The interesting cases occur when there is packet loss or one peer resets their association (e.g. 
ntpd is restarted).\n\nWithout loss of generality, let A be the sender and B the recipient of the first packet with pkt->org != peer->aorg. If A reset its association with B, pkt->org == 0. Otherwise, pkt->org != 0 && pkt->org != peer->aorg. In either case, B will mark the packet as having failed TEST2. However, if the packet is authenticated correctly for the association, B will update peer->xmt = pkt->xmt before rejecting the packet due to failing TEST2. In B\u2019s next packet to A, it will set pkt->org = peer->xmt and peer->aorg = pkt->xmt, ensuring that the packet will pass TEST2 at A, causing it to be accepted by A, and overwriting any previous value of peer->aorg at B. A will update its peer variables for B as well, ensuring that A\u2019s next packet will be accepted by B. From this point on, the symmetric association between A and B has successfully resynchronized.\n\nThus, we see that recovery from packet loss or peer restart is not hampered by allowing peer->aorg to maintain its previous value when a packet with a zero origin timestamp is received. Further to the point, ntpd versions prior to ntp-4.2.8p6 did not clear peer->aorg upon receipt of a packet bearing a zero origin timestamp.\n\n### Mitigation\n\nThe only ntpd-based mitigations for this vulnerability are to try to make it harder for an attacker to guess the peers of ntpd instances and to monitor ntpd logs for messages such as the following:\n \n \n ntpd[16767]: receive: Drop 0 origin timestamp from sym_active@192.168.33.12 xmt 0xdbe84918.63324800\n \n ntpd[16767]: receive: Unexpected origin timestamp 0xdbe849a1.279a6fea does not match aorg 0000000000.00000000 from sym_active@192.168.33.12 xmt 0xdbe849a4.52a12e3a\n \n\nAll ntpd instances should be configured to block control queries from untrusted servers. This is best practice.\n\nAll ntpd clients should block all incoming traffic that does not originate from a known peer address. 
This can be accomplished with a stateful firewall.\n\nBecause peer->aorg is cleared before authentication is enforced, enabling NTP authentication does not prevent exploitation of this vulnerability.\n\n### Timeline\n\n2017-01-04 - Vendor Disclosure \n2017-03-29 - Public Release \n\n\n##### Credit\n\nDiscovered by Matthew Van Gundy of Cisco ASIG.\n", "edition": 15, "modified": "2017-03-29T00:00:00", "published": "2017-03-29T00:00:00", "id": "TALOS-2016-0260", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260", "title": "Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability", "type": "talos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "apple": [{"lastseen": "2020-12-24T20:41:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-6459", "CVE-2017-7077", "CVE-2017-13810", "CVE-2017-13873", "CVE-2017-9233", "CVE-2016-2161", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7143", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2017-13809", "CVE-2017-7084", "CVE-2017-13823", "CVE-2016-8743", "CVE-2017-7138", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-13816", "CVE-2017-7126", "CVE-2017-13910", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13832", "CVE-2017-13846", "CVE-2017-7132", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-13908", "CVE-2017-13811", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-6451", "CVE-2017-1000373", "CVE-2017-13827", "CVE-2017-7083", "CVE-2017-7121", "CVE-2017-7074", "CVE-2017-13808", "CVE-2017-7078", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-6458", "CVE-2017-13890", "CVE-2017-13812", "CVE-2017-13824", "CVE-2018-4302", "CVE-2017-7141", "CVE-2016-4736", "CVE-2017-7119", 
"CVE-2017-13829", "CVE-2017-13851", "CVE-2017-13828", "CVE-2017-13839", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2016-9042", "CVE-2017-7125", "CVE-2017-6462", "CVE-2017-13838", "CVE-2017-6463", "CVE-2017-13818", "CVE-2016-9843", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-6452", "CVE-2016-5387", "CVE-2017-7086", "CVE-2017-7082", "CVE-2017-13835", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-13837", "CVE-2016-9841", "CVE-2017-7127", "CVE-2017-6464", "CVE-2017-13825", "CVE-2017-7124", "CVE-2017-7123", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-7122", "CVE-2017-13909", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13\n\nReleased September 25, 2017\n\n**802.1X**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**apache**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues existed in Apache. 
These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry added October 31, 2017, updated December 14, 2018\n\n**Apple Account Settings**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may gain access to iCloud authentication tokens\n\nDescription: An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain.\n\nCVE-2017-13909: Andreas Nilsson\n\nEntry added October 18, 2018\n\n**AppleScript**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Application Firewall**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A previously denied application firewall setting may take effect after upgrading\n\nDescription: An upgrade issue existed in the handling of firewall settings. 
This issue was addressed through improved handling of firewall settings during upgrades.\n\nCVE-2017-7084: an anonymous researcher\n\n**AppSandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7074: Daniel Jalkut of Red Sweater Software\n\n**ATS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\nEntry added October 31, 2017\n\n**Audio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry added October 31, 2017\n\n**Captive Network Assistant**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may unknowingly send a password unencrypted over the network\n\nDescription: The security state of the captive portal browser was not obvious. 
This issue was addressed with improved visibility of the captive portal browser security state.\n\nCVE-2017-7143: Matthew Green of Johns Hopkins University\n\nEntry updated October 3, 2017\n\n**CFNetwork**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\n**CFString**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\n**CoreText**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated 
November 16, 2018\n\n**CoreTypes**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted webpage may result in the mounting of a disk image\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis\n\nEntry added March 29, 2018\n\n**DesktopServices**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to observe unprotected user data\n\nDescription: A file access issue existed with certain home folder files. This was addressed with improved access restrictions.\n\nCVE-2017-13851: Henrique Correa de Amorim\n\nEntry added November 2, 2017, updated February 14, 2018\n\n**Directory Utility**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to determine the Apple ID of the owner of the computer\n\nDescription: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.\n\nCVE-2017-7138: Daniel Kvak of Masaryk University\n\nEntry updated October 3, 2017\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.30.\n\nCVE-2017-7121: found by OSS-Fuzz\n\nCVE-2017-7122: found by OSS-Fuzz\n\nCVE-2017-7123: found by OSS-Fuzz\n\nCVE-2017-7124: found by OSS-Fuzz\n\nCVE-2017-7125: found by OSS-Fuzz\n\nCVE-2017-7126: found by OSS-Fuzz\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815\n\nEntry added October 31, 2017\n\n**Fonts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert 
Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13835: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Heimdal**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\n**HelpViewer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. 
This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Installer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to access the FileVault unlock key\n\nDescription: This issue was addressed by removing additional entitlements.\n\nCVE-2017-13837: Patrick Wardle of Synack\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with 
system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7077: Brandon Azad\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. 
This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**kext tools**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic error in kext loading was addressed with improved state handling.\n\nCVE-2017-13827: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\n**libexpat**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may 
lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: The sender of an email may be able to determine the IP address of the recipient\n\nDescription: Turning off \"Load remote content in messages\" did not apply to all mailboxes. This issue was addressed with improved setting propagation.\n\nCVE-2017-7141: John Whitehead of The New York Times\n\nEntry updated October 3, 2017\n\n**Mail Drafts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. 
This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 3, 2017\n\n**ntp**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in ntp\n\nDescription: Multiple issues were addressed by updating to version 4.2.8p10\n\nCVE-2017-6451: Cure53 \n\nCVE-2017-6452: Cure53 \n\nCVE-2017-6455: Cure53 \n\nCVE-2017-6458: Cure53 \n\nCVE-2017-6459: Cure53 \n\nCVE-2017-6460: Cure53 \n\nCVE-2017-6462: Cure53 \n\nCVE-2017-6463: Cure53 \n\nCVE-2017-6464: Cure53\n\nCVE-2016-9042: Matthew Van Gundy of Cisco\n\n**Open Scripting Architecture**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\nEntry added October 31, 2017\n\n**PCRE**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\nEntry added October 31, 2017\n\n**Postfix**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry added October 31, 2017, updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted office document 
may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**QuickTime**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\nEntry added October 31, 2017\n\n**Sandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Screen Lock**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Application Firewall prompts may appear over Login Window\n\nDescription: A window management issue was addressed through improved state management.\n\nCVE-2017-7082: Tim Kingman\n\n**Security**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. 
This issue was addressed through improved validation.\n\nCVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune, an anonymous researcher, an anonymous researcher\n\n**SMB**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Spotlight may display results for files not belonging to the user\n\nDescription: An access issue existed in Spotlight. This issue was addressed through improved access restrictions.\n\nCVE-2017-13839: Ken Harris of the Free Robot Collective\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to access restricted files\n\nDescription: An access issue was addressed with additional sandbox restrictions on applications.\n\nCVE-2017-13910\n\nEntry added October 18, 2018\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\n**zlib**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 
1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added February 6, 2020\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**NSWindow**\n\nWe would like to acknowledge Trent Apted of the Google Chrome team for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n\n\n\n## macOS High Sierra 10.13 Supplemental Update\n\nNew downloads of macOS High Sierra 10.13 include the security content of the [macOS High Sierra 10.13 Supplemental Update](<https://support.apple.com/kb/HT208165>).\n", "edition": 2, "modified": "2020-02-06T07:51:09", "published": "2020-02-06T07:51:09", "id": "APPLE:HT208144", "href": "https://support.apple.com/kb/HT208144", "title": "About the security content of macOS High Sierra 10.13 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}