{"id": "RHSA-2016:0063", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0063) Important: ntp security update", "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n", "published": "2016-01-25T05:00:00", "modified": "2018-06-06T20:24:13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://access.redhat.com/errata/RHSA-2016:0063", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-8138"], "lastseen": "2019-08-13T18:45:50", "viewCount": 52, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2019-08-13T18:45:50", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8138"]}, {"type": "f5", "idList": ["F5:K71245322", "SOL71245322", "F5:K80996302"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2016-0063.NASL", "ARISTA_EOS_SA0019.NASL", "CENTOS_RHSA-2016-0063.NASL", "ORACLEVM_OVMSA-2016-0006.NASL", "SLACKWARE_SSA_2016-054-04.NASL", "SL_20160125_NTP_ON_SL6_X.NASL", "ALA_ALAS-2016-649.NASL", "FEDORA_2016-8BB1932088.NASL", "F5_BIGIP_SOL71245322.NASL", "ORACLELINUX_ELSA-2016-0063.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120639", "OPENVAS:1361412562310807227", "OPENVAS:1361412562310703629", "OPENVAS:1361412562310105666", "OPENVAS:1361412562310882376", "OPENVAS:1361412562310105726", "OPENVAS:1361412562310871547", "OPENVAS:1361412562310882375", "OPENVAS:1361412562310131203", "OPENVAS:1361412562310122859"]}, {"type": "talos", "idList": ["TALOS-2016-0203", "TALOS-2016-0077", "TALOS-2016-0260", "TALOS-2016-0078"]}, {"type": "centos", "idList": ["CESA-2016:0063"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2583", "ELSA-2016-0063", "ELSA-2016-0780"]}, {"type": "seebug", "idList": ["SSV:96543", "SSV:96647"]}, {"type": "fedora", "idList": ["FEDORA:4228960617E1", "FEDORA:AFA96612EFCF"]}, {"type": "amazon", "idList": ["ALAS-2016-649"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0019"]}, {"type": "slackware", "idList": ["SSA-2016-120-01", "SSA-2016-054-04"]}, {"type": "debian", "idList": ["DEBIAN:DLA-559-1:E64BA", "DEBIAN:DSA-3629-1:3CA50"]}, {"type": "cisco", "idList": ["CISCO-SA-20161123-NTPD", "CISCO-SA-20160127-NTPD", "CISCO-SA-20160428-NTPD"]}, {"type": "freebsd", "idList": ["B2487D9A-0C30-11E6-ACD0-D050996490D0", "5237F5D7-C020-11E5-B397-D050996490D0"]}, {"type": "symantec", "idList": ["SMNTC-1350"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1912-1", "SUSE-SU-2016:1247-1", "SUSE-SU-2016:1175-1", "SUSE-SU-2016:2094-1", "SUSE-SU-2016:1311-1", "OPENSUSE-SU-2016:1292-1", "SUSE-SU-2016:1177-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0B67E4FF46553AC705FD601C96C1A6B6"]}, {"type": "ubuntu", "idList": ["USN-3096-1"]}, {"type": "cert", "idList": ["VU:718152"]}, {"type": "gentoo", "idList": ["GLSA-201607-15"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2016-2881720", "ORACLE:CPUJUL2016"]}], "modified": "2019-08-13T18:45:50", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "ntpdate", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "ntp", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "ntp", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "ntpdate", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "ntpdate", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "ntp", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-debuginfo-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "ntp-doc", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "ntp", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "ntp-perl", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "ntp", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "ntp-perl", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "ntp", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "sntp", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "sntp", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "ntp", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-debuginfo-4.2.6p5-22.el7_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "ntp-perl", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "ntp", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-4.2.6p5-5.el6_7.4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "ntpdate", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "ntpdate", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "ntp-debuginfo", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-debuginfo-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "ntp-perl", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "ntpdate", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntpdate-4.2.6p5-5.el6_7.4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "ntpdate", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "ntpdate-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "ntp-perl", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "sntp", "packageVersion": "4.2.6p5-22.el7_2.1", "packageFilename": "sntp-4.2.6p5-22.el7_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "ntp-doc", "packageVersion": "4.2.6p5-5.el6_7.4", "packageFilename": "ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-12-09T20:03:08", "description": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-30T21:59:00", "title": "CVE-2015-8138", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8138"], "modified": "2017-11-21T02:29:00", "cpe": ["cpe:/a:ntp:ntp:4.3.18", "cpe:/a:ntp:ntp:4.3.45", "cpe:/a:ntp:ntp:4.3.72", "cpe:/a:ntp:ntp:4.3.0", "cpe:/a:ntp:ntp:4.3.25", "cpe:/a:ntp:ntp:4.3.74", "cpe:/a:ntp:ntp:4.3.28", "cpe:/a:ntp:ntp:4.3.61", "cpe:/a:ntp:ntp:4.3.22", "cpe:/a:ntp:ntp:4.3.51", "cpe:/a:ntp:ntp:4.3.54", "cpe:/a:ntp:ntp:4.3.3", "cpe:/a:ntp:ntp:4.3.81", "cpe:/a:ntp:ntp:4.3.67", "cpe:/a:ntp:ntp:4.3.79", "cpe:/a:ntp:ntp:4.3.76", "cpe:/a:ntp:ntp:4.3.29", "cpe:/a:ntp:ntp:4.3.33", "cpe:/a:ntp:ntp:4.3.20", "cpe:/a:ntp:ntp:4.3.37", "cpe:/a:ntp:ntp:4.3.24", "cpe:/a:ntp:ntp:4.3.49", "cpe:/a:ntp:ntp:4.3.11", "cpe:/a:ntp:ntp:4.3.17", "cpe:/a:ntp:ntp:4.3.19", "cpe:/a:ntp:ntp:4.3.4", "cpe:/a:ntp:ntp:4.3.13", "cpe:/a:ntp:ntp:4.3.78", "cpe:/a:ntp:ntp:4.3.31", "cpe:/a:ntp:ntp:4.3.44", "cpe:/a:ntp:ntp:4.3.69", "cpe:/a:ntp:ntp:4.3.1", "cpe:/a:ntp:ntp:4.3.55", "cpe:/a:ntp:ntp:4.3.34", "cpe:/a:ntp:ntp:4.2.8", "cpe:/a:ntp:ntp:4.3.23", "cpe:/a:ntp:ntp:4.3.41", "cpe:/a:ntp:ntp:4.3.84", "cpe:/a:ntp:ntp:4.3.75", "cpe:/a:ntp:ntp:4.3.52", "cpe:/a:ntp:ntp:4.3.40", "cpe:/a:ntp:ntp:4.3.10", "cpe:/a:ntp:ntp:4.3.36", "cpe:/a:ntp:ntp:4.3.83", "cpe:/a:ntp:ntp:4.3.65", "cpe:/a:ntp:ntp:4.3.77", "cpe:/a:ntp:ntp:4.3.60", "cpe:/a:ntp:ntp:4.3.38", "cpe:/a:ntp:ntp:4.3.30", "cpe:/a:ntp:ntp:4.3.56", "cpe:/a:ntp:ntp:4.3.53", "cpe:/a:ntp:ntp:4.3.64", "cpe:/a:ntp:ntp:4.3.15", "cpe:/a:ntp:ntp:4.3.46", "cpe:/a:ntp:ntp:4.3.57", "cpe:/a:ntp:ntp:4.3.59", "cpe:/a:ntp:ntp:4.3.58", "cpe:/a:ntp:ntp:4.3.87", "cpe:/a:ntp:ntp:4.3.12", "cpe:/a:ntp:ntp:4.3.62", "cpe:/a:ntp:ntp:4.3.6", "cpe:/a:ntp:ntp:4.3.66", "cpe:/a:ntp:ntp:4.3.32", "cpe:/a:ntp:ntp:4.3.86", "cpe:/a:ntp:ntp:4.3.2", "cpe:/a:ntp:ntp:4.3.80", "cpe:/a:ntp:ntp:4.3.63", "cpe:/a:ntp:ntp:4.3.21", "cpe:/a:ntp:ntp:4.3.82", "cpe:/a:ntp:ntp:4.3.5", "cpe:/a:ntp:ntp:4.3.89", "cpe:/a:ntp:ntp:4.3.14", "cpe:/a:ntp:ntp:4.3.8", "cpe:/a:ntp:ntp:4.3.7", "cpe:/a:ntp:ntp:4.3.43", "cpe:/a:ntp:ntp:4.3.47", "cpe:/a:ntp:ntp:4.3.48", "cpe:/a:ntp:ntp:4.3.73", "cpe:/a:ntp:ntp:4.3.16", "cpe:/a:ntp:ntp:4.3.70", "cpe:/a:ntp:ntp:4.3.26", "cpe:/a:ntp:ntp:4.3.50", "cpe:/a:ntp:ntp:4.3.27", "cpe:/a:ntp:ntp:4.3.39", "cpe:/a:ntp:ntp:4.3.42", "cpe:/a:ntp:ntp:4.3.85", "cpe:/a:ntp:ntp:4.3.68", "cpe:/a:ntp:ntp:4.3.88", "cpe:/a:ntp:ntp:4.3.71", "cpe:/a:ntp:ntp:4.3.35"], "id": "CVE-2015-8138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8138", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-06-08T00:16:40", "bulletinFamily": "software", "cvelist": ["CVE-2015-8138"], "edition": 1, "description": "\nF5 Product Development has assigned ID 570697 (BIG-IP), ID 573411 (BIG-IQ), ID 507785 (ARX), LRS-60602 (LineRate), and INSTALLER-2199 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 - HF11 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9| Medium| ntpd \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9| Medium| ntpd \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1| Medium| ntpd \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP DNS| 12.0.0 - 12.1.0| 12.1.1 - 12.1.2| Medium| ntpd \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.5.3 - 11.5.4 \n11.5.0 HF7 \n11.4.1 HF9 \n11.4.0 HF10| 12.1.1 - 12.1.2 \n11.5.1 - 11.5.2 \n11.5.0 - 11.5.0 HF6 \n11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9| Medium| ntpd \nBIG-IP PSM| 11.4.1 HF9 \n11.4.0 HF10| 11.4.1 - 11.4.1 HF8 \n11.4.0 - 11.4.0 HF9 \n11.2.1 \n10.1.0 - 10.2.4| Medium| ntpd \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| ntpd \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| ntpd \nBIG-IQ ADC| 4.5.0| None| Medium| ntpd \nBIG-IQ Centralized Management| 4.6.0| None| Medium| ntpd \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| ntpd \nLineRate| 2.5.0 - 2.6.1| None| Medium| ntpd \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| ntpd\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T19:23:00", "published": "2016-02-22T22:22:00", "href": "https://support.f5.com/csp/article/K71245322", "id": "F5:K71245322", "title": "NTP vulnerability CVE-2015-8138", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-12-03T05:27:54", "bulletinFamily": "software", "cvelist": ["CVE-2015-8138"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-10-05T00:00:00", "published": "2016-02-22T00:00:00", "id": "SOL71245322", "href": "http://support.f5.com/kb/en-us/solutions/public/k/71/sol71245322.html", "type": "f5", "title": "SOL71245322 - NTP vulnerability CVE-2015-8138", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-06-08T00:16:02", "bulletinFamily": "software", "cvelist": ["CVE-2016-9312", "CVE-2015-8138", "CVE-2016-7433", "CVE-2016-7427", "CVE-2016-7429", "CVE-2016-7428", "CVE-2016-7431"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T19:23:00", "published": "2016-12-17T02:37:00", "href": "https://support.f5.com/csp/article/K80996302", "id": "F5:K80996302", "type": "f5", "title": "Multiple NTP vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T01:58:53", "description": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to\nbypass the origin timestamp validation via a packet with an origin\ntimestamp set to zero. (CVE-2015-8138)", "edition": 33, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-02-23T00:00:00", "title": "F5 Networks BIG-IP : NTP vulnerability (K71245322)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL71245322.NASL", "href": "https://www.tenable.com/plugins/nessus/88888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K71245322.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88888);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-8138\");\n\n script_name(english:\"F5 Networks BIG-IP : NTP vulnerability (K71245322)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to\nbypass the origin timestamp validation via a packet with an origin\ntimestamp set to zero. (CVE-2015-8138)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K71245322\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K71245322.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K71245322\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9-11.4.1HF11\",\"11.4.0HF10\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\",\"11.6.0-11.6.1\",\"11.5.3-11.5.4\",\"11.5.0HF7\",\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.1-12.1.2\",\"11.5.1-11.5.2\",\"11.5.0-11.5.0HF6\",\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.4.1HF9\",\"11.4.0HF10\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1-11.4.1HF8\",\"11.4.0-11.4.0HF9\",\"11.2.1\",\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T05:06:06", "description": "Updated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.", "edition": 32, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-26T00:00:00", "title": "RHEL 6 / 7 : ntp (RHSA-2016:0063)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:ntp", "p-cpe:/a:redhat:enterprise_linux:ntp-perl", "p-cpe:/a:redhat:enterprise_linux:ntp-doc", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:ntpdate", "p-cpe:/a:redhat:enterprise_linux:sntp", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0063.NASL", "href": "https://www.tenable.com/plugins/nessus/88172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0063. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88172);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-8138\");\n script_xref(name:\"RHSA\", value:\"2016:0063\");\n\n script_name(english:\"RHEL 6 / 7 : ntp (RHSA-2016:0063)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8138\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0063\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ntp-doc-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-doc-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ntp-perl-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:50:32", "description": "From Red Hat Security Advisory 2016:0063 :\n\nUpdated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.", "edition": 28, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-26T00:00:00", "title": "Oracle Linux 6 / 7 : ntp (ELSA-2016-0063)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:ntpdate", "p-cpe:/a:oracle:linux:sntp", "p-cpe:/a:oracle:linux:ntp-perl", "p-cpe:/a:oracle:linux:ntp-doc", "p-cpe:/a:oracle:linux:ntp", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0063.NASL", "href": "https://www.tenable.com/plugins/nessus/88167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0063 and \n# Oracle Linux Security Advisory ELSA-2016-0063 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88167);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-8138\");\n script_xref(name:\"RHSA\", value:\"2016:0063\");\n\n script_name(english:\"Oracle Linux 6 / 7 : ntp (ELSA-2016-0063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0063 :\n\nUpdated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005716.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005717.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-doc-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:49:08", "description": "It was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAfter installing the update, the ntpd daemon will restart\nautomatically.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-26T00:00:00", "title": "Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20160125)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:sntp", "p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ntp", "p-cpe:/a:fermilab:scientific_linux:ntp-doc", "p-cpe:/a:fermilab:scientific_linux:ntpdate", "p-cpe:/a:fermilab:scientific_linux:ntp-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160125_NTP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/88175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88175);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-8138\");\n\n script_name(english:\"Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 (20160125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAfter installing the update, the ntpd daemon will restart\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1601&L=scientific-linux-errata&F=&S=&P=11088\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22438291\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-debuginfo-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-doc-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntp-perl-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntp-debuginfo-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-doc-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ntp-perl-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:30:29", "description": "Updated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.", "edition": 31, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-26T00:00:00", "title": "CentOS 6 / 7 : ntp (CESA-2016:0063)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-26T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:ntp-perl", "p-cpe:/a:centos:centos:sntp", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:ntpdate", "p-cpe:/a:centos:centos:ntp-doc"], "id": "CENTOS_RHSA-2016-0063.NASL", "href": "https://www.tenable.com/plugins/nessus/88147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0063 and \n# CentOS Errata and Security Advisory 2016:0063 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88147);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-8138\");\n script_xref(name:\"RHSA\", value:\"2016:0063\");\n\n script_name(english:\"CentOS 6 / 7 : ntp (CESA-2016:0063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ntp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-January/021623.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a7bd6cb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-January/021624.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05b20906\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8138\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-4.2.6p5-5.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-doc-4.2.6p5-5.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntp-perl-4.2.6p5-5.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ntpdate-4.2.6p5-5.el6.centos.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-doc-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntp-perl-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ntpdate-4.2.6p5-22.el7.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sntp-4.2.6p5-22.el7.centos.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-perl / ntpdate / sntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T13:23:42", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - don't accept server/peer packets with zero origin\n timestamp (CVE-2015-8138)", "edition": 29, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-26T00:00:00", "title": "OracleVM 3.3 : ntp (OVMSA-2016-0006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "modified": "2016-01-26T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntpdate", "cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:ntp"], "id": "ORACLEVM_OVMSA-2016-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/88169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0006.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88169);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-8138\");\n\n script_name(english:\"OracleVM 3.3 : ntp (OVMSA-2016-0006)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - don't accept server/peer packets with zero origin\n timestamp (CVE-2015-8138)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-January/000410.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35f952b3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp / ntpdate packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntp-4.2.6p5-5.el6_7.4\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"ntpdate-4.2.6p5-5.el6_7.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntpdate\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-14T13:16:23", "description": "The version of Arista Networks EOS running on the remote device is\naffected by multiple vulnerabilities :\n\n - A flaw exists in NTP in the receive() function within\n file ntpd/ntp_proto.c that allows packets with an origin\n timestamp of zero to bypass security checks. An\n unauthenticated, remote attacker can exploit this to\n spoof arbitrary content. (CVE-2015-8138)\n\n - A flaw exists in NTP when handling crafted Crypto NAK\n Packets having spoofed source addresses that match an\n existing associated peer. A unauthenticated, remote\n attacker can exploit this to demobilize a client\n association, resulting in a denial of service condition.\n (CVE-2016-1547)\n\n - A flaw exists in NTP when handling packets that have\n been spoofed to appear to be coming from a valid ntpd\n server, which may cause a switch to interleaved\n symmetric mode. An unauthenticated, remote attacker can\n exploit this, via a packet having a spoofed timestamp,\n to cause the client to reject future legitimate server\n responses, resulting in a denial of service condition.\n (CVE-2016-1548)\n\n - A flaw exits in NTP when handling a saturation of\n ephemeral associations. An authenticated, remote\n attacker can exploit this to defeat the clock selection\n algorithm and thereby modify a victim's clock.\n (CVE-2016-1549)\n\n - A flaw exists in NTP in the message authentication\n functionality of libntp that is triggered when handling\n a series of specially crafted messages. An\n unauthenticated, remote attacker can exploit this to\n partially recover the message digest key.\n (CVE-2016-1550)", "edition": 13, "cvss3": {"score": 7.2, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L"}, "published": "2018-02-28T00:00:00", "title": "Arista Networks EOS Multiple Vulnerabilities (SA0019)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1548", "CVE-2015-8138", "CVE-2016-1550", "CVE-2016-1547", "CVE-2016-1549"], "modified": "2018-02-28T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0019.NASL", "href": "https://www.tenable.com/plugins/nessus/107061", "sourceData": "#TRUSTED 252c1ed52e7735177cb924351a30410a38192a623b31f3e142091f4b72921579f4fc7206baeb21010fd24ceb06e3bdaf2548ef3e56934f552452d0f9b82a35c7660fa4b3c837d77b359cb75d0cb919b0a86a09ecc7fa09485af56bfc90159f5ec7d3f70f40562e21d15efa89773fbd22cee3025364af8c0b3d48c2939104e61812a75440192dc0af090b635ff6c994fd8eb900be1e26fed78e8a4d801feba1133c0f4aadb53aa6991f251de103ab66c75a394e50b33ad3f8ba91d606ac4c8736b1696787f3d43d9dac46de06fc8e595c7321e770060260eef22af9b7e78de423fca1151a56da30c8dcd9532e9a6acb2bac381b2c1a7c1b392406499b60ed93e874fc4f7040aabb683577821311a8dab52faa0e0f94869c5ef4f59337f66a1359288004c166e49027ae89c16033dcc40fae25fc323235165920b0c961c3dbbad8d8457d7fd73e0215732c2c45078ba59617e2699040e60c3ea2d26afc34ef5bd7dc9f07255bab1e904b069cf76ec02a06bb79f57124d29236e8eb66d00da97d21887d24c124964818e2c3d9fe0f52b48f5030a5dbee87f43b2f4c5b3c75134d8d45e01c483500998e46d3742d2f01957d1046c40c4d7e604652e38054afec05f7c93439604f5dfd05d54a1a8720ea01a8258082f4fe301538ef9516e1f6d53306203577791b6e0e9a2143cfc9b4909cd785e4b4eb08f44cf9beb1f44ff4002f7b\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107061);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/13\");\n\n script_cve_id(\n \"CVE-2015-8138\",\n \"CVE-2016-1547\",\n \"CVE-2016-1548\",\n \"CVE-2016-1549\",\n \"CVE-2016-1550\"\n );\n script_bugtraq_id(\n 81811,\n 88200,\n 88261,\n 88264,\n 88276\n );\n script_xref(name:\"CERT\", value:\"718152\");\n\n script_name(english:\"Arista Networks EOS Multiple Vulnerabilities (SA0019)\");\n script_summary(english:\"Checks the Arista Networks EOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by multiple vulnerabilities :\n\n - A flaw exists in NTP in the receive() function within\n file ntpd/ntp_proto.c that allows packets with an origin\n timestamp of zero to bypass security checks. An\n unauthenticated, remote attacker can exploit this to\n spoof arbitrary content. (CVE-2015-8138)\n\n - A flaw exists in NTP when handling crafted Crypto NAK\n Packets having spoofed source addresses that match an\n existing associated peer. A unauthenticated, remote\n attacker can exploit this to demobilize a client\n association, resulting in a denial of service condition.\n (CVE-2016-1547)\n\n - A flaw exists in NTP when handling packets that have\n been spoofed to appear to be coming from a valid ntpd\n server, which may cause a switch to interleaved\n symmetric mode. An unauthenticated, remote attacker can\n exploit this, via a packet having a spoofed timestamp,\n to cause the client to reject future legitimate server\n responses, resulting in a denial of service condition.\n (CVE-2016-1548)\n\n - A flaw exits in NTP when handling a saturation of\n ephemeral associations. An authenticated, remote\n attacker can exploit this to defeat the clock selection\n algorithm and thereby modify a victim's clock.\n (CVE-2016-1549)\n\n - A flaw exists in NTP in the message authentication\n functionality of libntp that is triggered when handling\n a series of specially crafted messages. An\n unauthenticated, remote attacker can exploit this to\n partially recover the message digest key.\n (CVE-2016-1550)\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dabe6203\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact the vendor for a fixed version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1548\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\");\n\n exit(0);\n}\n\n\ninclude(\"arista_eos_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Arista-EOS/Version\");\n\nvmatrix = make_array();\nvmatrix[\"all\"] = make_list(\"0.0<=4.12.99\");\nvmatrix[\"F\"] = make_list(\"4.13.1.1<=4.13.6\",\n \"4.14.0<=4.14.5\",\n \"4.15.0<=4.15.4.1\");\n\nvmatrix[\"M\"] = make_list(\"4.13.5<=4.13.15\",\n \"4.14.6<=4.14.12\",\n \"4.15.5\",\"4.15.6\");\n\nvmatrix[\"misc\"] = make_list(\"4.14.5FX\",\n \"4.14.5FX\",\n \"4.14.5FX.1\",\n \"4.14.5FX.2\",\n \"4.14.5FX.3\",\n \"4.14.5FX.4\",\n \"4.14.5.1F-SSU\",\n \"4.15.0FX\",\n \"4.15.0FXA\",\n \"4.15.0FX1\",\n \"4.15.1FXB.1\",\n \"4.15.1FXB\",\n \"4.15.1FX-7060X\",\n \"4.15.1FX-7060QX\",\n \"4.15.3FX-7050X-72Q\",\n \"4.15.3FX-7060X.1\",\n \"4.15.3FX-7500E3\",\n \"4.15.3FX-7500E3.3\",\n \"4.15.4FX-7500E3\",\n \"4.15.5FX-7500R\");\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n{\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Arista Networks EOS\", version);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:29", "description": "Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977,\nCVE-2015-7978, CVE-2015-7979, CVE-2015-8158\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : ntp-4.2.6p5-36.fc23 (2016-8bb1932088)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-8BB1932088.NASL", "href": "https://www.tenable.com/plugins/nessus/89577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-8bb1932088.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89577);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\");\n script_xref(name:\"FEDORA\", value:\"2016-8bb1932088\");\n\n script_name(english:\"Fedora 23 : ntp-4.2.6p5-36.fc23 (2016-8bb1932088)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977,\nCVE-2015-7978, CVE-2015-7979, CVE-2015-8158\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1299442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300273\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6201181\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"ntp-4.2.6p5-36.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T13:13:53", "description": "It was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nA NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could use this flaw to crash the\nntpd process. (CVE-2015-7977)\n\nIt was found that NTP does not verify peer associations of symmetric\nkeys when authenticating packets, which might allow remote attackers\nto conduct impersonation attacks via an arbitrary trusted key.\n(CVE-2015-7974)\n\nA stack-based buffer overflow was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could use this flaw to crash the\nntpd process. (CVE-2015-7978)\n\nIt was found that when NTP is configured in broadcast mode, an\noff-path attacker could broadcast packets with bad authentication\n(wrong key, mismatched key, incorrect MAC, etc) to all clients. The\nclients, upon receiving the malformed packets, would break the\nassociation with the broadcast server. This could cause the time on\naffected clients to become out of sync over a longer period of time.\n(CVE-2015-7979)\n\nA flaw was found in the way the ntpq client certain processed incoming\npackets in a loop in the getresponse() function. A remote attacker\ncould potentially use this flaw to crash an ntpq client instance.\n(CVE-2015-8158)\n\nA flaw was found in ntpd that allows remote attackers to cause a\ndenial of service (ephemeral-association demobilization) by sending a\nspoofed crypto-NAK packet with incorrect authentication data at a\ncertain time. (CVE-2016-4953)\n\n(Updated 2016-10-18: CVE-2016-4953 was fixed in this release but was\nnot previously part of this errata.)", "edition": 26, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"}, "published": "2016-02-10T00:00:00", "title": "Amazon Linux AMI : ntp (ALAS-2016-649)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2016-4953", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-02-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ntp-perl", "p-cpe:/a:amazon:linux:ntp-doc", "p-cpe:/a:amazon:linux:ntpdate", "p-cpe:/a:amazon:linux:ntp", "p-cpe:/a:amazon:linux:ntp-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-649.NASL", "href": "https://www.tenable.com/plugins/nessus/88661", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-649.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88661);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\", \"CVE-2016-4953\");\n script_xref(name:\"ALAS\", value:\"2016-649\");\n\n script_name(english:\"Amazon Linux AMI : ntp (ALAS-2016-649)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use\nthis flaw to send a crafted packet to an ntpd client that would\neffectively disable synchronization with the server, or push arbitrary\noffset/delay measurements to modify the time on the client.\n(CVE-2015-8138)\n\nA NULL pointer dereference flaw was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could use this flaw to crash the\nntpd process. (CVE-2015-7977)\n\nIt was found that NTP does not verify peer associations of symmetric\nkeys when authenticating packets, which might allow remote attackers\nto conduct impersonation attacks via an arbitrary trusted key.\n(CVE-2015-7974)\n\nA stack-based buffer overflow was found in the way ntpd processed\n'ntpdc reslist' commands that queried restriction lists with a large\namount of entries. A remote attacker could use this flaw to crash the\nntpd process. (CVE-2015-7978)\n\nIt was found that when NTP is configured in broadcast mode, an\noff-path attacker could broadcast packets with bad authentication\n(wrong key, mismatched key, incorrect MAC, etc) to all clients. The\nclients, upon receiving the malformed packets, would break the\nassociation with the broadcast server. This could cause the time on\naffected clients to become out of sync over a longer period of time.\n(CVE-2015-7979)\n\nA flaw was found in the way the ntpq client certain processed incoming\npackets in a loop in the getresponse() function. A remote attacker\ncould potentially use this flaw to crash an ntpq client instance.\n(CVE-2015-8158)\n\nA flaw was found in ntpd that allows remote attackers to cause a\ndenial of service (ephemeral-association demobilization) by sending a\nspoofed crypto-NAK packet with incorrect authentication data at a\ncertain time. (CVE-2016-4953)\n\n(Updated 2016-10-18: CVE-2016-4953 was fixed in this release but was\nnot previously part of this errata.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-649.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update ntp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ntp-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-debuginfo-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-doc-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntp-perl-4.2.6p5-36.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ntpdate-4.2.6p5-36.29.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:51", "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix security issues.", "edition": 22, "cvss3": {"score": 7.7, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"}, "published": "2016-02-24T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "modified": "2016-02-24T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:ntp", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2016-054-04.NASL", "href": "https://www.tenable.com/plugins/nessus/88912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-054-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88912);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5300\", \"CVE-2015-7973\", \"CVE-2015-7974\", \"CVE-2015-7975\", \"CVE-2015-7976\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\");\n script_xref(name:\"SSA\", value:\"2016-054-04\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.546478\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?465b5d89\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ntp\", pkgver:\"4.2.8p6\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "description": "Check the version of ntp", "modified": "2019-03-08T00:00:00", "published": "2016-01-26T00:00:00", "id": "OPENVAS:1361412562310882375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882375", "type": "openvas", "title": "CentOS Update for ntp CESA-2016:0063 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2016:0063 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882375\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 06:10:58 +0100 (Tue, 26 Jan 2016)\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2016:0063 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of ntp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\");\n script_tag(name:\"affected\", value:\"ntp on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0063\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021624.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~22.el7.centos.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-01-26T00:00:00", "id": "OPENVAS:1361412562310871547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871547", "type": "openvas", "title": "RedHat Update for ntp RHSA-2016:0063-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ntp RHSA-2016:0063-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871547\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 06:10:45 +0100 (Tue, 26 Jan 2016)\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ntp RHSA-2016:0063-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\");\n script_tag(name:\"affected\", value:\"ntp on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0063-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00032.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~22.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6_7.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~5.el6_7.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6_7.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "description": "Oracle Linux Local Security Checks ELSA-2016-0063", "modified": "2019-03-14T00:00:00", "published": "2016-01-26T00:00:00", "id": "OPENVAS:1361412562310122859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122859", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0063", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0063.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122859\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 10:12:45 +0200 (Tue, 26 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0063\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0063 - ntp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0063\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0063.html\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"sntp\", rpm:\"sntp~4.2.6p5~22.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138"], "description": "Check the version of ntp", "modified": "2019-03-08T00:00:00", "published": "2016-01-26T00:00:00", "id": "OPENVAS:1361412562310882376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882376", "type": "openvas", "title": "CentOS Update for ntp CESA-2016:0063 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2016:0063 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882376\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-26 06:11:00 +0100 (Tue, 26 Jan 2016)\");\n script_cve_id(\"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ntp CESA-2016:0063 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of ntp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to\nsynchronize a computer's time with a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\");\n script_tag(name:\"affected\", value:\"ntp on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0063\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021623.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~5.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T22:58:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-02-11T00:00:00", "id": "OPENVAS:1361412562310120639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120639", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-649)", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120639\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-02-11 07:16:47 +0200 (Thu, 11 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-649)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in NTP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update ntp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-649.html\");\n script_cve_id(\"CVE-2015-7977\", \"CVE-2015-7974\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\", \"CVE-2015-8138\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.6p5~36.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310807227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807227", "type": "openvas", "title": "Fedora Update for ntp FEDORA-2016-8", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ntp FEDORA-2016-8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807227\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:22 +0530 (Fri, 05 Feb 2016)\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-8138\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8158\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ntp FEDORA-2016-8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ntp on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~36.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8138", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "description": "Mageia Linux Local Security Checks mgasa-2016-0039", "modified": "2019-03-14T00:00:00", "published": "2016-02-02T00:00:00", "id": "OPENVAS:1361412562310131203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131203", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0039.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131203\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-02 07:44:19 +0200 (Tue, 02 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0039\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0039.html\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8158\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0039\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.6p5~24.4.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-09T15:19:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "description": "Multiple Cisco products incorporate a version of the Network Time Protocol\n daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow\n an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being\n advertised by a device acting as a Network Time Protocol (NTP) server.\n\n On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing\n 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,\n and logic issues that may allow an attacker to shift a client", "modified": "2019-10-09T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310105666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105666", "type": "openvas", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:ios_xe\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105666\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7975\", \"CVE-2015-7976\", \"CVE-2015-7978\", \"CVE-2015-7977\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8139\", \"CVE-2015-8140\", \"CVE-2015-8158\", \"CVE-2015-7973\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the Network Time Protocol\n daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow\n an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being\n advertised by a device acting as a Network Time Protocol (NTP) server.\n\n On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing\n 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,\n and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:\n\n - CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability\n\n - CVE-2015-7974: Network Time Protocol Missing Trusted Key Check\n\n - CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check\n\n - CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames\n\n - CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability\n\n - CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service\n\n - CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service\n\n - CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass\n\n - CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp\n\n - CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack\n\n - CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop\n\n\n Cisco has released software updates that address these vulnerabilities.\n\n Workarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 17:40:21 +0200 (Mon, 09 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ios_xe_version.nasl\");\n script_mandatory_keys(\"cisco_ios_xe/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n '2.1.0',\n '2.1.1',\n '2.1.2',\n '2.2.1',\n '2.2.2',\n '2.2.3',\n '2.3.0',\n '2.3.0t',\n '2.3.1t',\n '2.3.2',\n '2.4.0',\n '2.4.1',\n '2.5.0',\n '2.5.1',\n '2.5.2',\n '2.6.0',\n '2.6.1',\n '2.6.2',\n '3.1.0S',\n '3.1.1S',\n '3.1.2S',\n '3.1.3S',\n '3.1.4S',\n '3.1.5S',\n '3.1.6S',\n '3.1.0SG',\n '3.1.1SG',\n '3.2.0S',\n '3.2.1S',\n '3.2.2S',\n '3.2.3S',\n '3.2.0SE',\n '3.2.1SE',\n '3.2.2SE',\n '3.2.3SE',\n '3.2.0SG',\n '3.2.1SG',\n '3.2.2SG',\n '3.2.3SG',\n '3.2.4SG',\n '3.2.5SG',\n '3.2.6SG',\n '3.2.7SG',\n '3.2.8SG',\n '3.2.9SG',\n '3.2.0XO',\n '3.2.1XO',\n '3.3.0S',\n '3.3.1S',\n '3.3.2S',\n '3.3.0SE',\n '3.3.1SE',\n '3.3.2SE',\n '3.3.3SE',\n '3.3.4SE',\n '3.3.5SE',\n '3.3.0SG',\n '3.3.1SG',\n '3.3.2SG',\n '3.3.0SQ',\n '3.3.1SQ',\n '3.3.0XO',\n '3.3.1XO',\n '3.3.2XO',\n '3.4.0S',\n '3.4.1S',\n '3.4.2S',\n '3.4.3S',\n '3.4.4S',\n '3.4.5S',\n '3.4.6S',\n '3.4.0SG',\n '3.4.1SG',\n '3.4.2SG',\n '3.4.3SG',\n '3.4.4SG',\n '3.4.5SG',\n '3.4.0SQ',\n '3.4.1SQ',\n '3.5.0E',\n '3.5.1E',\n '3.5.2E',\n '3.5.3E',\n '3.5.0S',\n '3.5.1S',\n '3.5.2S',\n '3.6.0E',\n '3.6.1E',\n '3.6.0S',\n '3.6.1S',\n '3.6.2S',\n '3.7.0E',\n '3.7.0S',\n '3.7.1S',\n '3.7.2S',\n '3.7.3S',\n '3.7.4S',\n '3.7.5S',\n '3.7.6S',\n '3.7.7S',\n '3.8.0S',\n '3.8.1S',\n '3.8.2S',\n '3.9.0S',\n '3.9.1S',\n '3.9.2S',\n '3.10.0S',\n '3.10.0a.S',\n '3.10.1S',\n '3.10.2S',\n '3.10.3S',\n '3.10.4S',\n '3.10.5S',\n '3.10.6S',\n '3.11.0S',\n '3.11.1S',\n '3.11.2S',\n '3.11.3S',\n '3.11.4S',\n '3.12.0S',\n '3.12.1S',\n '3.12.2S',\n '3.12.3S',\n '3.13.0S',\n '3.13.1S',\n '3.13.2S',\n '3.14.0S',\n '3.14.1S',\n '3.14.2S',\n '3.14.3S',\n '3.14.4S',\n '3.15.0S' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-10-09T15:20:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "description": "Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.\n Versions of this package are affected by one or more vulnerabilities that could allow an\n unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time\n being advertised by a device acting as a Network Time Protocol (NTP) server.\n\n On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory\n detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,\n and logic issues that may allow an attacker to shift a client", "modified": "2019-10-09T00:00:00", "published": "2016-05-18T00:00:00", "id": "OPENVAS:1361412562310105726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105726", "type": "openvas", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:ip_interoperability_and_collaboration_system\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105726\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7975\", \"CVE-2015-7976\", \"CVE-2015-7978\", \"CVE-2015-7977\", \"CVE-2015-7979\", \"CVE-2015-8138\", \"CVE-2015-8139\", \"CVE-2015-8140\", \"CVE-2015-8158\", \"CVE-2015-7973\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.\n Versions of this package are affected by one or more vulnerabilities that could allow an\n unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time\n being advertised by a device acting as a Network Time Protocol (NTP) server.\n\n On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory\n detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,\n and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in\n this document are as follows: CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated\n Broadcast Mode Vulnerability CVE-2015-7974: Network Time Protocol Missing Trusted Key Check CVE-2015-\n 7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check CVE-2015-7976:\n Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in\n Filenames CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of\n Service Vulnerability CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service CVE-2015-\n 7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service CVE-2015-8138: Network Time\n Protocol Zero Origin Timestamp Bypass CVE-2015-8139: Network Time Protocol Information Disclosure of\n Origin Timestamp CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack CVE-2015-\n 8158: Standard and Special Network Time Protocol Query Program Infinite loop\n\n Cisco has released software updates that address these vulnerabilities.\n\n Workarounds that address some of these vulnerabilities may be available. Available workarounds will\n be documented in the corresponding Cisco bug for each affected product.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-18 10:53:18 +0200 (Wed, 18 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ipics_version.nasl\");\n script_mandatory_keys(\"cisco/ipics/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n '1.0(1.1)',\n '4.0(1)',\n '4.5(1)',\n '4.6(1)',\n '4.7(1)',\n '4.8(2)' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "description": "Several vulnerabilities were discovered\nin the Network Time Protocol daemon and utility programs:\n\nCVE-2015-7974\nMatt Street discovered that insufficient key validation allows\nimpersonation attacks between authenticated peers.\n\nCVE-2015-7977CVE-2015-7978Stephen Gray discovered that a NULL pointer dereference\nand a buffer overflow in the handling of ntpdc reslist\ncommands may\nresult in denial of service.\n\nCVE-2015-7979\nAanchal Malhotra discovered that if NTP is configured for broadcast\nmode, an attacker can send malformed authentication packets which\nbreak associations with the server for other broadcast clients.\n\nCVE-2015-8138\nMatthew van Gundy and Jonathan Gardner discovered that missing\nvalidation of origin timestamps in ntpd clients may result in denial\nof service.\n\nCVE-2015-8158\nJonathan Gardner discovered that missing input sanitising in ntpq\nmay result in denial of service.\n\nCVE-2016-1547\nStephen Gray and Matthew van Gundy discovered that incorrect handling\nof crypto NAK packets may result in denial of service.\n\nCVE-2016-1548\nJonathan Gardner and Miroslav Lichvar discovered that ntpd clients\ncould be forced to change from basic client/server mode to interleaved\nsymmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\nMatthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\nthat timing leaks in the the packet authentication code could result\nin recovery of a message digest.\n\nCVE-2016-2516Yihan Lian discovered that duplicate IPs on unconfig\ndirectives will\ntrigger an assert.\n\nCVE-2016-2518\nYihan Lian discovered that an OOB memory access could potentially\ncrash ntpd.", "modified": "2019-03-18T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310703629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703629", "type": "openvas", "title": "Debian Security Advisory DSA 3629-1 (ntp - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3629.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3629-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703629\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7974\", \"CVE-2015-7977\", \"CVE-2015-7978\", \"CVE-2015-7979\",\n \"CVE-2015-8138\", \"CVE-2015-8158\", \"CVE-2016-1547\", \"CVE-2016-1548\",\n \"CVE-2016-1550\", \"CVE-2016-2516\", \"CVE-2016-2518\");\n script_name(\"Debian Security Advisory DSA 3629-1 (ntp - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:56:41 +0530 (Tue, 02 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3629.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"ntp on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1.\n\nWe recommend that you upgrade your ntp packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin the Network Time Protocol daemon and utility programs:\n\nCVE-2015-7974\nMatt Street discovered that insufficient key validation allows\nimpersonation attacks between authenticated peers.\n\nCVE-2015-7977CVE-2015-7978Stephen Gray discovered that a NULL pointer dereference\nand a buffer overflow in the handling of ntpdc reslist\ncommands may\nresult in denial of service.\n\nCVE-2015-7979\nAanchal Malhotra discovered that if NTP is configured for broadcast\nmode, an attacker can send malformed authentication packets which\nbreak associations with the server for other broadcast clients.\n\nCVE-2015-8138\nMatthew van Gundy and Jonathan Gardner discovered that missing\nvalidation of origin timestamps in ntpd clients may result in denial\nof service.\n\nCVE-2015-8158\nJonathan Gardner discovered that missing input sanitising in ntpq\nmay result in denial of service.\n\nCVE-2016-1547\nStephen Gray and Matthew van Gundy discovered that incorrect handling\nof crypto NAK packets may result in denial of service.\n\nCVE-2016-1548\nJonathan Gardner and Miroslav Lichvar discovered that ntpd clients\ncould be forced to change from basic client/server mode to interleaved\nsymmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\nMatthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\nthat timing leaks in the the packet authentication code could result\nin recovery of a message digest.\n\nCVE-2016-2516Yihan Lian discovered that duplicate IPs on unconfig\ndirectives will\ntrigger an assert.\n\nCVE-2016-2518\nYihan Lian discovered that an OOB memory access could potentially\ncrash ntpd.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.8p7+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.8p7+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.8p7+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntp\", ver:\"1:4.2.6.p5+dfsg-7+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"1:4.2.6.p5+dfsg-7+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"1:4.2.6.p5+dfsg-7+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "talos": [{"lastseen": "2019-05-29T19:19:52", "bulletinFamily": "info", "cvelist": ["CVE-2015-8138"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0077\n\n## Network Time Protocol Origin Timestamp Check Impersonation Vulnerability\n\n##### January 19, 2016\n\n##### CVE Number\n\nCVE-2015-8138\n\nCERT VU#357792\n\n### Summary\n\nTo distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in an incoming packet matches the transmit timestamp it transmitted in its last request. A logic error exists that allows packets with an origin timestamp of zero to bypass this check whenever there is not an outstanding request to the server.\n\nIt appears this defect applies to all modes except interleaved and broadcast modes and was introduced in version 4.2.5p179.\n\n### Tested Versions\n\nntp 4.2.8p3 \nNTPsec aa48d001683e5b791a743ec9c575aaf7d867a2b0c\n\n### Product URLs\n\n<http://www.ntp.org> \n<http://www.ntpsec.org/>\n\n### CVSS Score\n\nCVSSv2: 5.0 - AV:N/AC:L/Au:N/C:N/I:P/A:N \nCVSSv3: 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n\n### Details\n\nreceive() in ntp_proto.c contains the following sanity check for the origin timestamp when running in basic mode:\n \n \n if (!L_ISEQU(&p_org, &peer->aorg)) {\n peer->bogusorg++;\n peer->flash |= TEST2; /* bogus */\n if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,\n &peer->dst)) {\n peer->flip = 1;\n report_event(PEVNT_XLEAVE, peer, NULL);\n }\n } else {\n L_CLR(&peer->aorg);\n }\n \n\nIf the incoming origin timestamp is not equal to the stored origin timestamp in the peer structure, the packet is marked as bogus and will be ignored. If the origin timestamp matches the saved origin timestamp in the peer structure, the origin timestamp in the peer structure is zeroed out.\n\nThis means an attacker can spoof the peer server and send a time update with a zero origin timestamp. The client will check that incoming timestamp against the one stored in the peer, which is zero. The timestamps will match and the client will process the incoming packet for time. The client is not in a state in which it is expecting a reply from the server, but it processes it anyway.\n\nWe have successfully used this vulnerability to force a client to move its time. Our proof-of-concept requires no authentication or special access and works for any client configured in basic mode.\n\nWe can maintain the client at our spoofed time by sending regular updates, every 5 seconds for example, enough to overcome the real server time updates in the clock selection process. The client will oscillate between the peered and rejected state with the peer since it is receiving drastically different times between the spoofed and real packets.\n\nIn order to be considered for clock selection, we have to ensure that the measured dispersion and delay for our packets are low. We achieve this by setting the receive timestamp to the offset value by which we want to move the clock for the initial time change. For example, to move the clock 20 years forward we set the transmit timestamp to (current time + 630720000) and the receive timestamp to 630720000. We also must set the precision to -128 to minimize the dispersion. Once the time has changed, we can maintain that spoofed time by changing receive to zero and keeping transmit the same. This keeps the delay low enough to be considered in clock selection.\n\nAdditionally, even when the update has too large of an offset or too big of a delay to win the clock selection, we can at least use the zero origin timestamp to make a client ignore real time updates in some instances by forcing the client to think a real server update is a popcorn spike.\n\n### Recommended Fix\n\nIdeally, the client would not process any packet from a peer if it did not have an active request out.\n\n### Timeline\n\n2015-10-16 - Vendor Disclosure \n2016-01-19 - Public Release\n\n##### Credit\n\nMatthew Van Gundy and Jonathan Gardner\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0078\n\nPrevious Report\n\nTALOS-2016-0076\n", "edition": 10, "modified": "2016-01-19T00:00:00", "published": "2016-01-19T00:00:00", "id": "TALOS-2016-0077", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0077", "title": "Network Time Protocol Origin Timestamp Check Impersonation Vulnerability", "type": "talos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-01T21:25:10", "bulletinFamily": "info", "cvelist": ["CVE-2015-8138", "CVE-2015-8139"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0078\n\n## Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability\n\n##### January 19, 2016\n\n##### CVE Number\n\nCVE-2015-8139\n\nCERT VU#357792\n\n### Summary\n\nTo prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will know the value of the transmit timestamp, this prevents an attacker from forging replies.\n\nUnfortunately, ntpq and ntpdc will disclose the value of the origin timestamp expected in the next peer response to any clients that are authorized to make ntpq (respectively ntpdc) queries.\n\nThis vulnerability appears to have been present in ntpd since, at least, 4.0.94 of May 1999. It appears in the earliest commit in the NTP project git repository.\n\n### Tested Versions\n\nntp 4.2.8p3 \nNTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92\n\n### Product URLs\n\n<http://www.ntp.org> \n<http://www.ntpsec.org/>\n\n### CVSS Score\n\nCVSSv2: 5.0 - AV:N/AC:L/Au:N/C:P/I:N/A:N \nCVSSv3: 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n\n### Details\n\nHere is an example from ntpq:\n \n \n ntpq> peer\n remote refid st t when poll reach delay offset jitter\n ==============================================================================\n *server .LOCL. 1 u 69 64 76 0.525 35.063 23.483\n ntpq> as\n \n ind assid status conf reach auth condition last_event cnt\n ===========================================================\n 1 43286 965a yes yes none sys.peer sys_peer 5\n ntpq> rv 43286 org\n org=d9c79a63.b05e631b Tue, Oct 13 2015 14:57:39.688\n \n\nHere is an example from ntpdc:\n \n \n ntpdc> showpeer 192.168.33.10\n remote 192.168.33.10, local 192.168.33.11\n ...\n reference time: d9c79a0e.1ef70a98 Tue, Oct 13 2015 14:56:14.120\n originate timestamp: d9c79a63.b05e631b Tue, Oct 13 2015 14:57:39.688\n receive timestamp: d9c79a20.b9d5ee3d Tue, Oct 13 2015 14:56:32.725\n transmit timestamp: d9c79a20.b9d5ee3d Tue, Oct 13 2015 14:56:32.725\n \n\nFor associations that do not employ authentication, response packets are only authenticated using the packet source address and the expected origin timestamp. The necessary ntpq and ntpdc commands do not require authentication. As a result, an unauthenticated off-path attacker that can spoof the source address of a remote peer can forge responses from that peer using this vulnerability.\n\nThere is an interplay between this vulnerability and the 0rigin (zero origin) vulnerability (CVE-2015-8138). Because the 0rigin vulnerability resets the expected origin timestamp from live servers to zero when a response with the correct origin timestamp is received, forging responses from live servers is trivial. This vulnerability gives attackers the additional power to forge responses from unreachable peers and symmetric peers.\n\n### Mitigation\n\nThe peer origin variable is read via ntpq (mode 6) packets with a non-zero association id, opcode equal to READVAR (2), and the variable name \u201corg\u201d.\n\nIt can also be read with ntpdc (mode 7) packets with a request code of PEER_INFO (2).\n\nThis vulnerability can be mitigated by adding the `noquery` option to all restrict entries as in:\n \n \n restrict -4 default noquery ...\n restrict -6 default noquery ...\n restrict 127.0.0.1 noquery ...\n restrict ::1 noquery ...\n \n\nWARNING: Common configurations allow local users to send ntpq and ntpdc requests to the local ntpd using permissive restrict entries. This will allow malicious, unprivileged, local users to discover the value of the origin timestamp necessary to spoof responses from ntpd peers. Therefore, we DO NOT recommend the common practice of allowing queries from localhost.\n\nUnfortunately, despite the impression given by NTP\u2019s documentation, the `notrust` restrict option CANNOT be used to mitigate this vulnerability because it DOES NOT have any effect on ntpq and ntpdc requests.\n\n### Timeline\n\n2015-10-16 - Vendor Disclosure \n2016-01-19 - Public Release\n\n##### Credit\n\nMatthew Van Gundy\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0079\n\nPrevious Report\n\nTALOS-2016-0077\n", "edition": 11, "modified": "2016-01-19T00:00:00", "published": "2016-01-19T00:00:00", "id": "TALOS-2016-0078", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0078", "title": "Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability", "type": "talos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-01T21:24:56", "bulletinFamily": "info", "cvelist": ["CVE-2015-8138", "CVE-2016-9042", "CVE-2016-7431"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0260\n\n## Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability\n\n##### March 29, 2017\n\n##### CVE Number\n\nCVE-2016-9042\n\n### Summary\n\nAn exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.\n\n### Tested Versions\n\nNTP 4.2.8p9\n\n### Product URLs\n\nhttp://www.ntp.org\n\n### CVSSv3 Score\n\nCVSSv2: 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3: 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n\n### Details\n\nIn most modes, NTP prevents spoofing by off-path attackers by verifying that the origin timestamp of an incoming NTP packet matches the transmit timestamp on the daemon\u2019s last outgoing packet \u2014 using the transmit and origin timestamps as a per-request nonce. This test described in RFC 5905 and dubbed `TEST2` in ntpd\u2019s source code. To prevent an NTP daemon from accepting responses to duplicated request packets, RFC 5095 also specifies that the expected origin timestamp should be set to zero after successfully validating the origin timestamp of an incoming packet. Unfortunately, ntpd releases before 4.2.8p9 did not correctly reject incoming packets bearing a zero origin timestamp. This allowed a trivial bypass of TEST2, the origin timestamp check, by setting the origin timestamp on spoofed packets equal to zero (CVE-2015-8138,CVE-2016-7431).\n\nntp-4.2.8p9 fixes CVE-2015-8138 by rejecting packets with zero origin timestamps in all modes where that is not expected legitimate behavior. However, for reasons unknown, before rejecting a packet bearing a zero origin timestamp, ntp-4.2.8p9 clears the expected origin timestamp (peer-&gt;aorg) as can be seen in the following abstracted code:\n \n \n if (0) {\n } else if (L_ISZERO(&p_org)) {\n char *action;\n \n L_CLR(&peer->aorg);\n ...\n peer->bogusorg++;\n peer->flash |= TEST2;\t/* bogus */\n ... /* packet will be dropped */\n } else if (!L_ISEQU(&p_org, &peer->aorg)) {\n peer->bogusorg++;\n peer->flash |= TEST2; /* bogus */\n ... /* packet will be dropped */\n } else {\n L_CLR(&peer->aorg);\n }\n \n\nThis leads to a trivial denial of service. An unauthenticated network attacker who knows the address of one of the peers of a victim ntpd process can send the victim ntpd spoofed packets with the source address of the peer and a zero origin timestamp in order to reset peer-&gt;aorg for that peer. This will cause the next packet sent from the peer to fail the origin timestamp check (TEST2) and be dropped. The attacker can repeat this each poll period for all known peers in order to prevent their packets from being accepted by the victim ntpd.\n\nThis attack is very effective against symmetric associations where the duration between an outgoing packet from the victim ntpd and its \u201cresponse\u201d will be on the order of seconds to minutes. The attack is more difficult for client-server associations where the request-response window is likely to be on the order of milliseconds. However, if the attacker can observe the victim ntpd\u2019s request packet, it can attempt to race the remote peer\u2019s legitimate response.\n\nAn attacker can learn the currently selected peer of a victim ntpd process by sending the victim a client mode request and reading the peer\u2019s address from the refid field of the victim\u2019s response. This allows the attacker to target the currently selected peer one at a time until it has learned and targeted all peers of the victim ntpd process. If the victim allows NTP control queries or the attacker can observe the victim\u2019s NTP traffic, the attacker can easily learn all the victim\u2019s peers.\n\nThe call to L_CLR(&amp;peer-&gt;aorg) when a zero-origin timestamp packet is received appears unnecessary and should be removed. To see that clearing peer-&gt;aorg is unnecessary, let\u2019s consider the operation of each NTP mode in turn after omitting the L_CLR(&amp;peer-&gt;aorg):\n\n * Client-Server: Servers are stateless, so the change has no effect on them. Clients should not be sending requests with zero transmit timestamps and, therefore, should not be receiving responses with zero origin timestamps. Thus, removing the L_CLR(&amp;peer-&gt;aorg) should have no effect on legitimate client-server behavior.\n\n * Broadcast: Broadcast packets are handled separately and thus are not influenced by the behavior of this code.\n\n * Symmetric (Active and Passive): When two symmetric peers are synchronized to a legitimate time source (0 &lt; stratum &lt; 16) and the association between them is fully operational, the origin timestamp on incoming packets will be non-zero and equal to peer-&gt;aorg, thus avoiding the L_CLR(&amp;peer-&gt;aorg). The interesting cases occur when there is packet loss or one peer resets their association (e.g. ntpd is restarted).\n\nWithout loss of generality, let A be the sender and B the recipient of the first packet with pkt-&gt;org != peer-&gt;aorg. If A reset its association with B, pkt-&gt;org == 0. Otherwise, pkt-&gt;org != 0 &amp;&amp; pkt-&gt;org != peer-&gt;aorg. In either case, B will mark the packet as having failed TEST2. However, if the packet is authenticated correctly for the association, B will update peer-&gt;xmt = pkt-&gt;xmt before rejecting the packet due to failing TEST2. In B\u2019s next packet to A, it will set pkt-&gt;org = peer-&gt;xmt and peer-&gt;aorg = pkt-&gt;xmt, ensuring that the packet will pass TEST2 at A, causing it to be accepted by A, and overwriting any previous value of peer-&gt;aorg at B. A will update its peer variables for B as well, ensuring that A\u2019s next packet will be accepted by B. From this point on, the symmetric association between A and B has successfully resynchronized.\n\nThus, we see that recovery from packet loss or peer restart is not hampered by allowing peer-&gt;aorg to maintain its previous value when a packet with a zero origin timestamp is received. Further to the point, ntpd versions prior to ntp-4.2.8p6 did not clear peer-&gt;aorg upon receipt of a packet bearing a zero origin timestamp.\n\n### Mitigation\n\nThe only ntpd-based mitigations for this vulnerability are to try to make it harder for an attacker to guess the peers of ntpd instances and to monitor ntpd logs for messages such as the following:\n \n \n ntpd[16767]: receive: Drop 0 origin timestamp from sym_active@192.168.33.12 xmt 0xdbe84918.63324800\n \n ntpd[16767]: receive: Unexpected origin timestamp 0xdbe849a1.279a6fea does not match aorg 0000000000.00000000 from sym_active@192.168.33.12 xmt 0xdbe849a4.52a12e3a\n \n\nAll ntpd instances should be configured to block control queries from untrusted servers. This is best practice.\n\nAll ntpd clients should block all incoming traffic that does not originate from a known peer address. This can be accomplished with a stateful firewall.\n\nBecause peer-&gt;aorg is cleared before authentication is enforced, enabling NTP authentication does not prevent exploitation of this vulnerability.\n\n### Timeline\n\n2017-01-04 - Vendor Disclosure \n2017-03-29 - Public Release \n\n\n##### Credit\n\nDiscovered by Matthew Van Gundy of Cisco ASIG.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0230\n\nPrevious Report\n\nTALOS-2017-0269\n", "edition": 15, "modified": "2017-03-29T00:00:00", "published": "2017-03-29T00:00:00", "id": "TALOS-2016-0260", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260", "title": "Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability", "type": "talos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-01T21:25:14", "bulletinFamily": "info", "cvelist": ["CVE-2016-1548", "CVE-2015-8138", "CVE-2015-8139", "CVE-2016-9310"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0203\n\n## Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability\n\n##### November 21, 2016\n\n##### CVE Number\n\nCVE-2016-9310\n\n### Summary\n\nAn exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.\n\n### Tested Versions\n\nNTP 4.2.8p3 \nNTP 4.2.8p8 \nNTPsec 0.9.1 \nNTPsec 0.9.3\n\n### Product URLs\n\nhttp://www.ntp.org \nhttp://www.ntpsec.org/\n\n### CVSS Scores\n\nCVSSv2: 6.4 - (AV:N/AC:L/Au:N/C:P/I:P/A:N) \nCVSSv3: 6.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\n\n### Details\n\nntpd provides a `trap` functionality that sends asynchronous notifications to a number of `trap receivers` whenever an event of interest occurs. Example events of interest include: association mobilization and demobilization, authentication failures, reachability changes, etc.\n\nSince at least ntp-4.0.94 (July 21, 1999), ntpd has allowed traps to be configured via control (mode 6) and private (mode 7) NTP modes. Though private mode requires messages modifying trap settings to be be authenticated, control mode allows unauthenticated packets to modify trap settings using the `SETTRAP` and `UNSETTRAP` control messages.\n\nThis vulnerability can be used to achieve several goals:\n\n * Time Shifting: If an attacker controls a host that is allowed to receive traps (i.e. not restricted by `restrict noquery` or `restrict notrap`), the attacker can instruct a victim ntpd instance to send traps to the attacker\u2019s host. Whenever a reportable event occurs for some peer, the victim ntpd will send a trap to the attacker leaking all the peer variables associated with that peer. The information leaked includes the peer\u2019s org and rec variables allowing the attacker to bypass TEST2 and impersonate said peer in a manner similar to CVE-2015-8139 and CVE-2016-1548.\n\nThe attacker can force the victim ntpd to leak the information for any peer at any time by triggering a reportable event for said peer. There are multiple methods to trigger a reportable event for a peer, among them spoofing an invalid crypto-NAK or incorrectly authenticated packet from the peer.\n\nNOTE: With ntp-4.2.8p8 and earlier the 0rigin attack (CVE-2015-8138) [1] already allows impersonation of reachable peers. In those ntpd versions, this vulnerability provides another method for impersonating unreachable peers.\n\n * DDoS Amplification: An attacker can use an ntpd instance as a DDoS amplifier to DDoS hosts that are allowed to receive traps from the ntpd instance using the following technique. The amplification factor is 12-13x.\n\nThe attacker forges a `SETTRAP` packet from the `victim` to the `amplifier`, causing the `amplifier` to set a trap for the `victim`. The attacker then repeatedly triggers reportable events causing trap messages to be sent to the victim. E.g. the attacker rapidly forges invalid crypto-NAKs and/or bad_auth packets from the `victim`\u2019s `sys_peer`.\n\nntpd attempts to limit the number of consecutive traps sent for events of a single type. To maximize effect, the attacker can alternate between events of different types.\n\nntpd will periodically time out old traps when a new one is set. Therefore, for a long-term attack, the attacker may need to periodically refresh the trap on the `amplifier`.\n\n * Evading Monitoring: In an environment where dynamically configured traps are used to modify an ntpd instance, an unauthenticated attacker can remove traps set by legitimate monitoring systems by spoofing the source address of the `trap receiver` in an `UNSETTRAP` message.\n\nAuthentication should be required in order to modify trap configuration.\n\n### Mitigation\n\nSeveral mitigations can lessen the impact of this vulnerability.\n\n 1. Unauthorized hosts can be prevented from receiving traps using the `restrict default notrap` restriction. This setting is the default on many modern Linux systems.\n\nThis mitigation has no effect on the \u201cEvading Monitoring\u201d impact described above because the alleged sender of the packet is an authorized trap receiver.\n\n 2. Block NTP control mode trap configuration commands using a firewall or IPS. It does not appear that support for configuring control mode traps was ever implemented in ntpq, the reference NTP control mode client. As such, on most networks blocking control mode trap configuration commands should have no effect on legitimate traffic. Specifically, firewalls should block packets with the following characteristics:\n\n * UDP Destination Port: 123\n * NTP Mode: 6\n * NTP Control Operation Code: 6 (SETTRAP) or 31 (UNSETTRAP)\n\nTraps specified in ntp.conf cannot be modified using this vulnerability.\n\n[1] http://www.talosintelligence.com/reports/TALOS-2016-0077/\n\n### Timeline\n\n2016-09-20 - Vendor Disclosure \n2016-11-21 - Public Release\n\n##### Credit\n\nDiscovered by Matthew Van Gundy of Cisco ASIG.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0131\n\nPrevious Report\n\nTALOS-2016-0204\n", "edition": 11, "modified": "2016-11-21T00:00:00", "published": "2016-11-21T00:00:00", "id": "TALOS-2016-0203", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0203", "title": "Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability", "type": "talos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0063\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nIt was discovered that ntpd as a client did not correctly check the\noriginate timestamp in received packets. A remote attacker could use this\nflaw to send a crafted packet to an ntpd client that would effectively\ndisable synchronization with the server, or push arbitrary offset/delay\nmeasurements to modify the time on the client. (CVE-2015-8138)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033661.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033662.html\n\n**Affected packages:**\nntp\nntp-doc\nntp-perl\nntpdate\nsntp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0063.html", "edition": 3, "modified": "2016-01-25T15:08:59", "published": "2016-01-25T14:27:37", "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/033661.html", "id": "CESA-2016:0063", "title": "ntp, ntpdate, sntp security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138"], "description": "[4.2.6p5-5.el6_7.4]\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)", "edition": 4, "modified": "2016-01-25T00:00:00", "published": "2016-01-25T00:00:00", "id": "ELSA-2016-0063", "href": "http://linux.oracle.com/errata/ELSA-2016-0063.html", "title": "ntp security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-19T13:29:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7703", "CVE-2015-8138", "CVE-2015-7977", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7691", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7978"], "description": "[4.2.6p5-10]\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)\n- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)\n[4.2.6p5-9]\n- fix crash with invalid logconfig command (CVE-2015-5194)\n- fix crash when referencing disabled statistic type (CVE-2015-5195)\n- don't hang in sntp with crafted reply (CVE-2015-5219)\n- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n- fix memory leak with autokey (CVE-2015-7701)\n- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)\n- don't crash in ntpq with crafted packet (CVE-2015-7852)\n- add option to set Differentiated Services Code Point (DSCP) (#1228314)\n- extend rawstats log (#1242895)\n- fix resetting of leap status (#1243034)\n- report clock state changes related to leap seconds (#1242937)\n- allow -4/-6 on restrict lines with mask (#1232146)\n- retry joining multicast groups (#1288534)\n- explain synchronised state in ntpstat man page (#1286969)\n[4.2.6p5-7]\n- check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)\n- allow only one step larger than panic threshold with -g (CVE-2015-5300)", "edition": 7, "modified": "2016-05-12T00:00:00", "published": "2016-05-12T00:00:00", "id": "ELSA-2016-0780", "href": "http://linux.oracle.com/errata/ELSA-2016-0780.html", "title": "ntp security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-19T13:23:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2015-5219", "CVE-2013-5211", "CVE-2015-7979", "CVE-2015-7701", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-5195", "CVE-2015-7974", "CVE-2015-7978"], "description": "[4.2.6p5-25.0.1]\n- add disable monitor to default ntp.conf [CVE-2013-5211]\n[4.2.6p5-25]\n- don't allow spoofed packet to enable symmetric interleaved mode\n (CVE-2016-1548)\n- check mode of new source in config command (CVE-2016-2518)\n- make MAC check resilient against timing attack (CVE-2016-1550)\n[4.2.6p5-24]\n- fix crash with invalid logconfig command (CVE-2015-5194)\n- fix crash when referencing disabled statistic type (CVE-2015-5195)\n- don't hang in sntp with crafted reply (CVE-2015-5219)\n- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7702)\n- fix memory leak with autokey (CVE-2015-7701)\n- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)\n- don't crash in ntpq with crafted packet (CVE-2015-7852)\n- check key ID in packets authenticated with symmetric key (CVE-2015-7974)\n- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)\n- don't allow spoofed packets to demobilize associations (CVE-2015-7979,\n CVE-2016-1547)\n- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)\n- fix infinite loop in ntpq/ntpdc (CVE-2015-8158)\n- fix resetting of leap status (#1242553)\n- extend rawstats log (#1242877)\n- report clock state changes related to leap seconds (#1242935)\n- allow -4/-6 on restrict lines with mask (#1304492)\n- explain synchronised state in ntpstat man page (#1309594)", "edition": 6, "modified": "2016-11-09T00:00:00", "published": "2016-11-09T00:00:00", "id": "ELSA-2016-2583", "href": "http://linux.oracle.com/errata/ELSA-2016-2583.html", "title": "ntp security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T12:01:00", "description": "### Summary\r\nAn exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.\r\n\r\n### Tested Versions\r\nNTP 4.2.8p9\r\n\r\n### Product URLs\r\nhttp://www.ntp.org\r\n\r\n### CVSSv3 Score\r\nCVSSv2: 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3: 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\r\n\r\n### Details\r\nIn most modes, NTP prevents spoofing by off-path attackers by verifying that the origin timestamp of an incoming NTP packet matches the transmit timestamp on the daemon's last outgoing packet --- using the transmit and origin timestamps as a per-request nonce. This test described in RFC 5905 and dubbed TEST2 in ntpd's source code. To prevent an NTP daemon from accepting responses to duplicated request packets, RFC 5095 also specifies that the expected origin timestamp should be set to zero after successfully validating the origin timestamp of an incoming packet. Unfortunately, ntpd releases before 4.2.8p9 did not correctly reject incoming packets bearing a zero origin timestamp. This allowed a trivial bypass of TEST2, the origin timestamp check, by setting the origin timestamp on spoofed packets equal to zero (CVE-2015-8138,CVE-2016-7431).\r\n\r\nntp-4.2.8p9 fixes CVE-2015-8138 by rejecting packets with zero origin timestamps in all modes where that is not expected legitimate behavior. However, for reasons unknown, before rejecting a packet bearing a zero origin timestamp, ntp-4.2.8p9 clears the expected origin timestamp (peer->aorg) as can be seen in the following abstracted code:\r\n```\r\nif (0) {\r\n} else if (L_ISZERO(&p_org)) {\r\n char *action;\r\n\r\n L_CLR(&peer->aorg);\r\n ...\r\n peer->bogusorg++;\r\n peer->flash |= TEST2; /* bogus */\r\n ... /* packet will be dropped */\r\n} else if (!L_ISEQU(&p_org, &peer->aorg)) {\r\n peer->bogusorg++;\r\n peer->flash |= TEST2; /* bogus */\r\n ... /* packet will be dropped */\r\n} else {\r\n L_CLR(&peer->aorg);\r\n}\r\n```\r\n\r\nThis leads to a trivial denial of service. An unauthenticated network attacker who knows the address of one of the peers of a victim ntpd process can send the victim ntpd spoofed packets with the source address of the peer and a zero origin timestamp in order to reset peer->aorg for that peer. This will cause the next packet sent from the peer to fail the origin timestamp check (TEST2) and be dropped. The attacker can repeat this each poll period for all known peers in order to prevent their packets from being accepted by the victim ntpd.\r\n\r\nThis attack is very effective against symmetric associations where the duration between an outgoing packet from the victim ntpd and its \"response\" will be on the order of seconds to minutes. The attack is more difficult for client-server associations where the request-response window is likely to be on the order of milliseconds. However, if the attacker can observe the victim ntpd's request packet, it can attempt to race the remote peer's legitimate response.\r\n\r\nAn attacker can learn the currently selected peer of a victim ntpd process by sending the victim a client mode request and reading the peer's address from the refid field of the victim's response. This allows the attacker to target the currently selected peer one at a time until it has learned and targeted all peers of the victim ntpd process. If the victim allows NTP control queries or the attacker can observe the victim's NTP traffic, the attacker can easily learn all the victim's peers.\r\n\r\nThe call to LCLR(&peer->aorg) when a zero-origin timestamp packet is received appears unnecessary and should be removed. To see that clearing peer->aorg is unnecessary, let's consider the operation of each NTP mode in turn after omitting the LCLR(&peer->aorg):\r\n\r\n* Client-Server: Servers are stateless, so the change has no effect on them. Clients should not be sending requests with zero transmit timestamps and, therefore, should not be receiving responses with zero origin timestamps. Thus, removing the L_CLR(&peer->aorg) should have no effect on legitimate client-server behavior.\r\n* Broadcast: Broadcast packets are handled separately and thus are not influenced by the behavior of this code.\r\n* Symmetric (Active and Passive): When two symmetric peers are synchronized to a legitimate time source (0 < stratum < 16) and the association between them is fully operational, the origin timestamp on incoming packets will be non-zero and equal to peer->aorg, thus avoiding the L_CLR(&peer->aorg). The interesting cases occur when there is packet loss or one peer resets their association (e.g. ntpd is restarted).\r\n\r\n\r\nWithout loss of generality, let A be the sender and B the recipient of the first packet with pkt->org != peer->aorg. If A reset its association with B, pkt->org == 0. Otherwise, pkt->org != 0 && pkt->org != peer->aorg. In either case, B will mark the packet as having failed TEST2. However, if the packet is authenticated correctly for the association, B will update peer->xmt = pkt->xmt before rejecting the packet due to failing TEST2. In B's next packet to A, it will set pkt->org = peer->xmt and peer->aorg = pkt->xmt, ensuring that the packet will pass TEST2 at A, causing it to be accepted by A, and overwriting any previous value of peer->aorg at B. A will update its peer variables for B as well, ensuring that A's next packet will be accepted by B. From this point on, the symmetric association between A and B has successfully resynchronized.\r\n\r\nThus, we see that recovery from packet loss or peer restart is not hampered by allowing peer->aorg to maintain its previous value when a packet with a zero origin timestamp is received. Further to the point, ntpd versions prior to ntp-4.2.8p6 did not clear peer->aorg upon receipt of a packet bearing a zero origin timestamp.\r\n\r\n### Mitigation\r\nThe only ntpd-based mitigations for this vulnerability are to try to make it harder for an attacker to guess the peers of ntpd instances and to monitor ntpd logs for messages such as the following:\r\n```\r\nntpd[16767]: receive: Drop 0 origin timestamp from sym_active@192.168.33.12 xmt 0xdbe84918.63324800\r\n\r\nntpd[16767]: receive: Unexpected origin timestamp 0xdbe849a1.279a6fea does not match aorg 0000000000.00000000 from sym_active@192.168.33.12 xmt 0xdbe849a4.52a12e3a\r\n```\r\nAll ntpd instances should be configured to block control queries from untrusted servers. This is best practice.\r\n\r\nAll ntpd clients should block all incoming traffic that does not originate from a known peer address. This can be accomplished with a stateful firewall.\r\n\r\nBecause peer->aorg is cleared before authentication is enforced, enabling NTP authentication does not prevent exploitation of this vulnerability.\r\n### Timeline\r\n* 2017-01-04 - Vendor Disclosure\r\n* 2017-03-29 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Matthew Van Gundy of Cisco ASIG.", "published": "2017-09-20T00:00:00", "type": "seebug", "title": "Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8138", "CVE-2016-7431", "CVE-2016-9042"], "modified": "2017-09-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96543", "id": "SSV:96543", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T12:15:06", "description": "### Summary\r\nAn exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.\r\n\r\n### Tested Versions\r\n* NTP 4.2.8p3\r\n* NTP 4.2.8p8\r\n* NTPsec 0.9.1\r\n* NTPsec 0.9.3\r\n\r\n### Product URLs\r\n* http://www.ntp.org\r\n* http://www.ntpsec.org/\r\n\r\n### CVSS Scores\r\n* CVSSv2: 6.4 - (AV:N/AC:L/Au:N/C:P/I:P/A:N)\r\n* CVSSv3: 6.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\r\n\r\n### Details\r\nntpd provides a `trap` functionality that sends asynchronous notifications to a number of `trap receivers` whenever an event of interest occurs. Example events of interest include: association mobilization and demobilization, authentication failures, reachability changes, etc.\r\n\r\nSince at least ntp-4.0.94 (July 21, 1999), ntpd has allowed traps to be configured via control (mode 6) and private (mode 7) NTP modes. Though private mode requires messages modifying trap settings to be be authenticated, control mode allows unauthenticated packets to modify trap settings using the `SETTRAP` and `UNSETTRAP` control messages.\r\n\r\nThis vulnerability can be used to achieve several goals:\r\n\r\n* Time Shifting: If an attacker controls a host that is allowed to receive traps (i.e. not restricted by `restrict noquery` or `restrict notrap`), the attacker can instruct a victim ntpd instance to send traps to the attacker's host. Whenever a reportable event occurs for some peer, the victim ntpd will send a trap to the attacker leaking all the peer variables associated with that peer. The information leaked includes the peer's org and rec variables allowing the attacker to bypass TEST2 and impersonate said peer in a manner similar to CVE-2015-8139 and CVE-2016-1548.\r\nThe attacker can force the victim ntpd to leak the information for any peer at any time by triggering a reportable event for said peer. There are multiple methods to trigger a reportable event for a peer, among them spoofing an invalid crypto-NAK or incorrectly authenticated packet from the peer.\r\nNOTE: With ntp-4.2.8p8 and earlier the 0rigin attack (CVE-2015-8138) [1] already allows impersonation of reachable peers. In those ntpd versions, this vulnerability provides another method for impersonating unreachable peers.\r\n\r\n* DDoS Amplification: An attacker can use an ntpd instance as a DDoS amplifier to DDoS hosts that are allowed to receive traps from the ntpd instance using the following technique. The amplification factor is 12-13x.\r\n\r\nThe attacker forges a `SETTRAP` packet from the `victim` to the `amplifier`, causing the `amplifier` to set a trap for the `victim`. The attacker then repeatedly triggers reportable events causing trap messages to be sent to the victim. E.g. the attacker rapidly forges invalid crypto-NAKs and/or bad_auth packets from the `victim`'s `sys_peer`.\r\nntpd attempts to limit the number of consecutive traps sent for events of a single type. To maximize effect, the attacker can alternate between events of different types.\r\nntpd will periodically time out old traps when a new one is set. Therefore, for a long-term attack, the attacker may need to periodically refresh the trap on the `amplifier`.\r\nEvading Monitoring: In an environment where dynamically configured traps are used to modify an ntpd instance, an unauthenticated attacker can remove traps set by legitimate monitoring systems by spoofing the source address of the `trap receiver` in an `UNSETTRAP` message.\r\n\r\nAuthentication should be required in order to modify trap configuration.\r\n\r\n### Mitigation\r\nSeveral mitigations can lessen the impact of this vulnerability.\r\n\r\n1. Unauthorized hosts can be prevented from receiving traps using the `restrict default notrap` restriction. This setting is the default on many modern Linux systems.\r\nThis mitigation has no effect on the \"Evading Monitoring\" impact described above because the alleged sender of the packet is an authorized trap receiver.\r\n2. Block NTP control mode trap configuration commands using a firewall or IPS. It does not appear that support for configuring control mode traps was ever implemented in ntpq, the reference NTP control mode client. As such, on most networks blocking control mode trap configuration commands should have no effect on legitimate traffic. Specifically, firewalls should block packets with the following characteristics:\r\n\t* UDP Destination Port: 123\r\n\t* NTP Mode: 6\r\n\t* NTP Control Operation Code: 6 (SETTRAP) or 31 (UNSETTRAP)\r\n\r\nTraps specified in ntp.conf cannot be modified using this vulnerability.\r\n[1] http://www.talosintelligence.com/reports/TALOS-2016-0077/\r\n\r\n### Timeline\r\n* 2016-09-20 - Vendor Disclosure\r\n* 2016-11-21 - Public Release", "published": "2017-10-11T00:00:00", "type": "seebug", "title": "Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8138", "CVE-2015-8139", "CVE-2016-1548", "CVE-2016-9310"], "modified": "2017-10-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96647", "id": "SSV:96647", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. ", "modified": "2016-01-30T18:28:19", "published": "2016-01-30T18:28:19", "id": "FEDORA:4228960617E1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: ntp-4.2.6p5-36.fc23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5300", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7704", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7974", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. ", "modified": "2016-02-21T02:33:52", "published": "2016-02-21T02:33:52", "id": "FEDORA:AFA96612EFCF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: ntp-4.2.6p5-36.fc22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:46", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8138", "CVE-2016-4953", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7974", "CVE-2015-7978"], "description": "**Issue Overview:**\n\nIt was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. ([CVE-2015-8138 __](<https://access.redhat.com/security/cve/CVE-2015-8138>))\n\nA NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. ([CVE-2015-7977 __](<https://access.redhat.com/security/cve/CVE-2015-7977>))\n\nIt was found that NTP does not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key. ([CVE-2015-7974 __](<https://access.redhat.com/security/cve/CVE-2015-7974>))\n\nA stack-based buffer overflow was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. ([CVE-2015-7978 __](<https://access.redhat.com/security/cve/CVE-2015-7978>))\n\nIt was found that when NTP is configured in broadcast mode, an off-path attacker could broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server. This could cause the time on affected clients to become out of sync over a longer period of time. ([CVE-2015-7979 __](<https://access.redhat.com/security/cve/CVE-2015-7979>))\n\nA flaw was found in the way the ntpq client certain processed incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. ([CVE-2015-8158 __](<https://access.redhat.com/security/cve/CVE-2015-8158>))\n\nA flaw was found in ntpd that allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. ([CVE-2016-4953 __](<https://access.redhat.com/security/cve/CVE-2016-4953>))\n\n(Updated 2016-10-18: [CVE-2016-4953 __](<https://access.redhat.com/security/cve/CVE-2016-4953>) was fixed in this release but was not previously part of this errata.)\n\n \n**Affected Packages:** \n\n\nntp\n\n \n**Issue Correction:** \nRun _yum update ntp_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ntp-4.2.6p5-36.29.amzn1.i686 \n ntpdate-4.2.6p5-36.29.amzn1.i686 \n ntp-debuginfo-4.2.6p5-36.29.amzn1.i686 \n \n noarch: \n ntp-doc-4.2.6p5-36.29.amzn1.noarch \n ntp-perl-4.2.6p5-36.29.amzn1.noarch \n \n src: \n ntp-4.2.6p5-36.29.amzn1.src \n \n x86_64: \n ntpdate-4.2.6p5-36.29.amzn1.x86_64 \n ntp-4.2.6p5-36.29.amzn1.x86_64 \n ntp-debuginfo-4.2.6p5-36.29.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2016-02-09T13:30:00", "published": "2016-02-09T13:30:00", "id": "ALAS-2016-649", "href": "https://alas.aws.amazon.com/ALAS-2016-649.html", "title": "Important: ntp", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "paloalto": [{"lastseen": "2019-05-29T23:19:22", "bulletinFamily": "software", "cvelist": ["CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "description": "The open source ntp project has been found to contain several vulnerabilities (CVE-2015-8158, CVE-2015-8138, CVE-2015-7979, CVE-2015-7978, CVE-2015-7977, CVE-2015-7976, CVE-2015-7975, CVE-2015-7974, CVE-2015-7973, all released in January 2016). Palo Alto...\n", "edition": 4, "modified": "2016-10-18T00:00:00", "published": "2016-08-15T00:00:00", "id": "PAN-SA-2016-0019", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/52", "title": "NTP Vulnerabilities", "type": "paloalto", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5300", "CVE-2015-7973", "CVE-2015-7974", "CVE-2015-7975", "CVE-2015-7976", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8158"], "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz: Upgraded.\n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p6-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p6-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p6-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p6-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n31365ae4f12849e65d4ad1c8c7d5f89a ntp-4.2.8p6-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5a2d24bdacd8dd05ab9e0613c829212b ntp-4.2.8p6-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne70f7422bc81c144e6fac1df2c202634 ntp-4.2.8p6-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nf6637f6d24b94a6b17c68467956a6283 ntp-4.2.8p6-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n82601e105f95e324dfd1e2f0df513673 ntp-4.2.8p6-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nd3ba32d46f7eef8f75a3444bbee4c677 ntp-4.2.8p6-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nc5ff13e58fbbea0b7a677e947449e7b1 ntp-4.2.8p6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9e2abfaf0b0b7bf84a8a4db89f60eff6 ntp-4.2.8p6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne1e6b84808b7562314e0e29479153553 ntp-4.2.8p6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8db0a4ca68805c7f5e487d5bcd69d098 ntp-4.2.8p6-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf96f443f54a74c20b5eb67467f5958ea n/ntp-4.2.8p6-i586-1.txz\n\nSlackware x86_64 -current package:\n5e256f2e1906b4c75047a966996a7a41 n/ntp-4.2.8p6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p6-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "modified": "2016-02-23T19:51:20", "published": "2016-02-23T19:51:20", "id": "SSA-2016-054-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.546478", "type": "slackware", "title": "[slackware-security] ntp", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-10-25T16:36:30", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7704", "CVE-2015-8138", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1549", "CVE-2016-1550", "CVE-2016-1551", "CVE-2016-2516", "CVE-2016-2517", "CVE-2016-2518", "CVE-2016-2519"], "description": "New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded.\n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode &gt; 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n > sh /etc/rc.d/rc.ntpd restart", "modified": "2016-04-29T21:57:25", "published": "2016-04-29T21:57:25", "id": "SSA-2016-120-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.630758", "type": "slackware", "title": "[slackware-security] ntp", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "description": "Package : ntp\nVersion : 1:4.2.6.p5+dfsg-2+deb7u7\nCVE ID : CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 \n CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548\n CVE-2016-1550 CVE-2016-2516 CVE-2016-2518\n\nSeveral vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs:\n\nCVE-2015-7974\n\n Matt Street discovered that insufficient key validation allows\n impersonation attacks between authenticated peers.\n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of &quot;ntpdc reslist&quot; commands may\n result in denial of service.\n\nCVE-2015-7979\n\n Aanchal Malhotra discovered that if NTP is configured for broadcast\n mode, an attacker can send malformed authentication packets which\n break associations with the server for other broadcast clients.\n\nCVE-2015-8138\n\n Matthew van Gundy and Jonathan Gardner discovered that missing\n validation of origin timestamps in ntpd clients may result in denial\n of service.\n\nCVE-2015-8158\n\n Jonathan Gardner discovered that missing input sanitising in ntpq\n may result in denial of service.\n\nCVE-2016-1547\n\n Stephen Gray and Matthew van Gundy discovered that incorrect handling\n of crypto NAK packets my result in denial of service.\n\nCVE-2016-1548\n\n Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients\n could be forced to change from basic client/server mode to interleaved\n symmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\n\n Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\n that timing leaks in the the packet authentication code could result\n in recovery of a message digest.\n\nCVE-2016-2516\n\n Yihan Lian discovered that duplicate IPs on &quot;unconfig&quot; directives will\n trigger an assert.\n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n1:4.2.6.p5+dfsg-2+deb7u7.\n\nWe recommend that you upgrade your ntp packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2016-07-25T21:37:31", "published": "2016-07-25T21:37:31", "id": "DEBIAN:DLA-559-1:E64BA", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201607/msg00021.html", "title": "[SECURITY] [DLA 559-1] ntp security update", "type": "debian", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T00:58:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3629-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ntp\nCVE ID : CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 \n CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548\n CVE-2016-1550 CVE-2016-2516 CVE-2016-2518\n\nSeveral vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs:\n\nCVE-2015-7974\n\n Matt Street discovered that insufficient key validation allows\n impersonation attacks between authenticated peers.\n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of &quot;ntpdc reslist&quot; commands may\n result in denial of service.\n\nCVE-2015-7979\n\n Aanchal Malhotra discovered that if NTP is configured for broadcast\n mode, an attacker can send malformed authentication packets which\n break associations with the server for other broadcast clients.\n\nCVE-2015-8138\n\n Matthew van Gundy and Jonathan Gardner discovered that missing\n validation of origin timestamps in ntpd clients may result in denial\n of service.\n\nCVE-2015-8158\n\n Jonathan Gardner discovered that missing input sanitising in ntpq\n may result in denial of service.\n\nCVE-2016-1547\n\n Stephen Gray and Matthew van Gundy discovered that incorrect handling\n of crypto NAK packets my result in denial of service.\n\nCVE-2016-1548\n\n Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients\n could be forced to change from basic client/server mode to interleaved\n symmetric mode, preventing time synchronisation.\n\nCVE-2016-1550\n\n Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\n that timing leaks in the the packet authentication code could result\n in recovery of a message digest.\n\nCVE-2016-2516\n\n Yihan Lian discovered that duplicate IPs on &quot;unconfig&quot; directives will\n trigger an assert.\n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1.\n\nWe recommend that you upgrade your ntp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2016-07-25T21:16:04", "published": "2016-07-25T21:16:04", "id": "DEBIAN:DSA-3629-1:3CA50", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00207.html", "title": "[SECURITY] [DSA 3629-1] ntp security update", "type": "debian", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cisco": [{"lastseen": "2020-12-24T11:41:23", "bulletinFamily": "software", "cvelist": ["CVE-2015-7704", "CVE-2015-8138", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1549", "CVE-2016-1550", "CVE-2016-1551", "CVE-2016-2516", "CVE-2016-2517", "CVE-2016-2518", "CVE-2016-2519"], "description": "A vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nThe vulnerability is due to insufficient checking of the duplicate peers requested to be removed by the NTP Mode 7 'unconfig' command. A successful exploit could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nThe vulnerability is due to insufficient validation of the user supplied data. A successful exploit could allow an authenticated, remote attacker to cause a reload of the affected system.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to cause out-of-bond references on the affected device.\n\nThe vulnerability is due to insufficient validation of the crafted packets carrying a illegal hmode value. A successful exploit could allow an authenticated, remote attacker to cause out-of-bond references on the affected device.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to change the values of trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted.\n\nThe vulnerability is due to insufficient validation of remote configuration trustedkey/requestkey values when the system is expressly configured to allow for remote configuration. A successful exploit could allow an authenticated, remote attacker to change the values of trustedkey, controlkey, or requestkey to a value that will prevent any subsequent authentication with ntpd until ntpd is restarted.\n\nA vulnerability in Network Time Protocol (NTP) could allow an authenticated, remote attacker to modify the system clock on a targeted system.\n\nThe vulnerability is due to not enforcing the limit on the number of active ephemeral associations that may be created under a single key. A successful exploit could allow a malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win ntpd's clock selection algorithm and modify a victim's clock.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to brute force the message digest by guessing values and determining when the comparison function runs for a longer amount of time.\n\nThe vulnerability is due to susceptibility of the authentication process to brute force by a timing attack. A successful exploit could allow an unauthenticated, remote attacker to brute force the message digest by guessing values and determining when the comparison function runs for a longer amount of time.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to cause a preemptable client association to be removed.\n\nThe vulnerability is due to insufficient validation the pre-emptable client associations' authentication. A successful exploit could allow an unauthenticated, remote attacker to cause a preemptable client association to be removed.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to change an existing client/server association to an interleaved symmetric mode, allowing malicious actor can then control the time or deny access to the legitimate server.\n\nThe vulnerability is due to insufficient validation of the user supplied data. A successful exploit could allow an unauthenticated, remote attacker to change an existing client/server association to an interleaved symmetric mode, allowing malicious actor can then control the time or deny access to the legitimate server.\n\nA vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to inject the refclock source IP to the NTPd process and thus take over the system clock on a targeted system.\n\nThe vulnerability is due to insufficient checks of the source IP address of the incoming NTP packet by the affected software. An attacker could exploit this vulnerability by sending a crafted packet to a targeted system. A successful exploit could allow remote attacker to inject the refclock source IP to the NTPd process and thus take over the system clock on a targeted system\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to modify time settings on a targeted system.\n\nThe vulnerability is due to incorrect processing of NTP update packets. An attacker could exploit this vulnerability by sending crafted updates that contain an a zero-origin timestamp to the clients' peer server. An exploit could allow the attacker to modify the time values received by the client, preventing client systems from receiving further updates from its legitimately configured time server.\n\nA vulnerability in the Network Time Protocol daemon could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper validation of user-supplied input. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious requests to the targeted system.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.\n\nThe new vulnerabilities disclosed in this document are as follows:\n\nCVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability\nCVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability\nCVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability\nCVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks\nCVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability\nCVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd\nCVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated\nCVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC\nCVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked\n The two vulnerabilities that were previously disclosed without a complete fix are as follows:\n\nCVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass\nCVE-2015-7704: Network Time Protocol Packet Processing Denial of Service Vulnerability\n Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:\n\n Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp\"]\n Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016 [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd\"]\n Additional details about each vulnerability are in the NTP Consortium Security Notice [\"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security\"].\n\nCisco will release software updates that address these vulnerabilities.\n\nWorkarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.\n\nThis advisory is available at the following link:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd [\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd\"]", "modified": "2016-05-13T15:48:40", "published": "2016-04-28T09:00:00", "id": "CISCO-SA-20160428-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-24T11:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2015-8138", "CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312"], "description": "A vulnerability in Network Time Protocol (NTP) could allow an unauthenticated, remote attacker to modify the system clock on a targeted system.\n\nThe vulnerability is due to insufficient checks of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending a crafted packet to a targeted NTP client. A successful exploit could disable server synchronization, resulting in the ability to modify the system clock on the targeted client system.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow a local attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper initial sync calculations that are performed by the affected software. The vulnerability was introduced as the result of an attempt to fix NTP Bug 2085, involving a condition where the root delay was included twice, causing a higher than expected jitter value. Because of a misinterpretation of a small-print variable, a root distance would not include the peer dispersion. An attacker could exploit this vulnerability to cause a partial DoS condition on an affected system.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper handling of crafted packets by the affected software when the trap service is enabled. An attacker could exploit this vulnerability by sending crafted packets to a targeted system. An exploit could cause a NULL pointer dereference that could cause the ntpd service to crash, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to insufficient resource pooling when rate limiting for all associations is configured within the affected software. An attacker could exploit this vulnerability by sending crafted packets with a spoofed source address to the targeted system. An exploit could prevent the affected software from accepting valid responses from its configured sources, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied data by the affected software. An attacker could exploit the vulnerability by sending a malicious packet to a targeted system. A successful exploit could cause the ntpd to stop functioning, resulting in a DoS condition.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied data by the affected software. An unauthenticated, remote attacker could exploit the vulnerability by sending a malicious packet to a targeted system. A successful exploit could cause the ntpd to stop functioning, resulting in a DoS condition.\n\nA vulnerability in the broadcast-mode, poll-interval enforcement functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper resource management by the affected software. An attacker who has access to the broadcast domain of a targeted system could exploit this vulnerability by injecting crafted, broadcast-mode NTP packets into the broadcast domain in which the targeted system resides. A successful exploit could cause the NTP daemon to reject broadcast-mode packets from legitimate broadcast servers, resulting in a DoS condition.\n\nA vulnerability in the broadcast-mode, replay prevention functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper resource management by the affected software. An attacker who has access to the broadcast domain of a targeted system could exploit this vulnerability by injecting crafted, broadcast-mode NTP packets into the broadcast domain in which the targeted system resides. A successful exploit could cause the NTP daemon to reject broadcast-mode packets from legitimate broadcast servers, resulting in a DoS condition.\n\nA vulnerability in the control mode (mode 6) functionality of the Network Time Protocol (NTP) service could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper security restrictions that could lead to configuration modification. If the restrict default noquery best current practices recommendation for NTP is not specified, an attacker could exploit this vulnerability by sending a crafted control mode packet to an affected system. An exploit could allow the attacker to modify the affected software. The attacker could set ntpd traps, which could be leveraged to disclose sensitive information or aid in DDoS amplification. In addition, an attacker could unset ntpd traps, which could disable monitoring, resulting in a DoS condition.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.\n\nThe new vulnerabilities disclosed in this document are as follows:\n\nNetwork Time Protocol Trap Service Denial of Service Vulnerability\nNetwork Time Protocol Broadcast Mode Denial of Service Vulnerability\nNetwork Time Protocol Broadcast Mode Denial of Service Vulnerability\nNetwork Time Protocol Insufficient Resource Pool Denial of Service Vulnerability\nNetwork Time Protocol Configuration Modification Denial of Service Vulnerability\nNetwork Time Protocol mrulist Query Requests Denial of Service Vulnerability\nNetwork Time Protocol Multiple Binds to the Same Port Vulnerability\nNetwork Time Protocol Rate Limiting Denial of Service Vulnerability\n\nAs well as:\n\nRegression of CVE-2015-8138\nNetwork Time Protocol Reboot sync calculation problem\n Additional details about each vulnerability are in the NTP Consortium Security Notice [\"http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\"].\n\nWorkarounds that address one or more of these vulnerabilities may be available and are documented in the Cisco bug for each affected product.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd\"]", "modified": "2017-01-23T14:51:48", "published": "2016-11-23T16:00:00", "id": "CISCO-SA-20161123-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-24T11:41:24", "bulletinFamily": "software", "cvelist": ["CVE-2015-7973", "CVE-2015-7974", "CVE-2015-7975", "CVE-2015-7976", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8139", "CVE-2015-8140", "CVE-2015-8158"], "description": "A vulnerability in the Network Time Protocol daemon (ntpd) could allow an authenticated, remote attacker to leverage any trusted key, not just the trusted key for its address.\n\nThe vulnerability is exists because ntpd does not properly verify that the key being used matches the proper servers' key. An attacker could exploit this vulnerability by sending packets with any trusted key, as long as the keyid references another key the systems share and that key is used to compute the message authentication code (MAC). An exploit could allow the attacker to masquerade as another configured trusted association.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, adjacent attacker to replay broadcast server packets.\n\nThe vulnerability is due to no replay protection on NTP broadcast packets. An attacker could exploit this vulnerability by capturing and retransmiting NTP broadcast packets to a targeted system. An exploit could allow the attacker to cause time settings on a targeted system to stop updating and maintain a particular time value.\n\nA vulnerability in the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to modify time settings on a targeted system.\n\nThe vulnerability is due to incorrect processing of NTP update packets. An attacker could exploit this vulnerability by sending crafted updates that contain an a zero-origin timestamp to the clients' peer server. An exploit could allow the attacker to modify the time values received by the client, preventing client systems from receiving further updates from its legitimately configured time server.\n\nA vulnerability in the Standard Network Time Protocol query program (ntpq) could allow an unauthenticated, remote attacker to replay a previously captured ntpq command.\n\nThe vulnerability is due to an invalid checking of the sequence number. An attacker could exploit this vulnerability by capturing an authenticated ntpq command that was executed and then replaying back the command at a later stage. An exploit could allow the attacker to replay previously captured ntpq commands.\n\nA vulnerability in the list_restrict4() and list_restrict6() routines of the Network Time Protocol daemon (ntpd) could allow an authenticated, remote attacker to cause the ntpd to crash.\n\nThe vulnerability is due to a null pointer dereference in the list_restrict4() and list_restrict6() routines. An attacker could exploit this vulnerability by performing an ntpdc reslist command against a device that has a large number of NTP restrictions in place. An exploit could allow the attacker to cause the ntpd to crash.\n\nA vulnerability in the standard Network Time Protocol query program (ntpq) could allow a unauthenticated, local attacker to execute a buffer overflow attack.\n\nThe vulnerability is due to the function nextvar() executing a memcpy() into the name buffer without a proper length check. An attacker could exploit this vulnerability by calling ntpq to read variable names from an untrusted source, such as a user or environment variable. An exploit could allow the attacker to trigger a buffer overflow.\n\nA vulnerability in the standard and special Network Time Protocol query program (ntpq and ntpdc) could allow an unauthenticated, remote attacker to cause the ntpq or ntpdc program to remain in a processing loop.\n\nThe vulnerability is due to a loop that is not exited under certain conditions in the ntpq and ntpdc processes. An attacker could exploit this vulnerability by sending malicious packets to an ntpq or ntpdc client from a malicious NTP server or from a privileged network position by conducting a man-in-the-middle attack between a targeted client and the NTP server. An exploit could allow the attacker to cause the ntpq or ntpdc process to enter an infinite loop, resulting in a denial of service (DoS) condition.\n\nA vulnerability in the standard and the special Network Time Protocol query program (ntpq and ntpdc) could allow an unauthenticated, remote attacker to obtain the value of the origin timestamp expected in the next peer response.\n\nThe vulnerability is due to ntpq and ntpdc providing this information without requiring authentication. An attacker could exploit this issue by querying the client with the appropriate ntpq or ntpdc commands. An exploit could allow the attacker to obtain the next peer response origin timestamp, which could be leveraged in further attacks.\n\nA vulnerability of the Network Time Protocol daemon (ntpd) could allow an authenticated, remote attacker to cause the ntpd to crash by exhausting the call stack.\n\nThe vulnerability exists because function calls to list_restrict4() or list_restrict6() can be made to exhaust space on the call stack. An attacker could exploit this vulnerability by performing an ntpdc reslist command against a device that has a large number of NTP restrictions in place. An exploit could allow the attacker to cause the ntpd to crash.\n\nA vulnerability the Network Time Protocol daemon (ntpd) could allow an unauthenticated, remote attacker to prevent clients from synchronizing to a time server.\n\nThe vulnerability is due to the improper handling of malicious packets by the broadcast server. An attacker could exploit this vulnerability by sending malicious, authenticated packets to the broadcast network. An exploit could allow the attacker to prevent the broadcast clients from synchronizing with configured time servers.\n\nAn issue in the standard Network Time Protocol query program (ntpq) could allow an authenticated, remote attacker to create files on the system with dangerous characters in the filename.\n\nThe issue is due to to improper validation of characters within filenames. An attacker could exploit this issue by saving a filename with the saveconfig command. An exploit could allow the attacker to write filenames to the system that may contain potentially dangerous character sequences.\n\nMultiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n\nOn January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:\n\nCVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability\nCVE-2015-7974: Network Time Protocol Missing Trusted Key Check\nCVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check\nCVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames\nCVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability\nCVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service\nCVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service\nCVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass\nCVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp\nCVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack\nCVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop\n Additional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: Security Notice [\"http://nwtime.org/security-policy/\"]\n\nCisco has released software updates that address these vulnerabilities.\n\nWorkarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.\n\nThis advisory is available at the following link:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd", "modified": "2016-03-07T14:02:40", "published": "2016-01-27T20:00:00", "id": "CISCO-SA-20160127-NTPD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd", "type": "cisco", "title": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-8138", "CVE-2016-1550", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2016-1547", "CVE-2016-2519", "CVE-2016-2517", "CVE-2016-1549"], "description": "\nNetwork Time Foundation reports:\n\nNTF's NTP Project has been notified of the following low-\n\t and medium-severity vulnerabilities that are fixed in\n\t ntp-4.2.8p7, released on Tuesday, 26 April 2016:\n\nBug 3020 / CVE-2016-1551: Refclock impersonation\n\t vulnerability, AKA: refclock-peering. Reported by\n\t Matt Street and others of Cisco ASIG\nBug 3012 / CVE-2016-1549: Sybil vulnerability:\n\t ephemeral association attack, AKA: ntp-sybil -\n\t MITIGATION ONLY. Reported by Matthew Van Gundy\n\t of Cisco ASIG\nBug 3011 / CVE-2016-2516: Duplicate IPs on\n\t unconfig directives will cause an assertion botch.\n\t Reported by Yihan Lian of the Cloud Security Team,\n\t Qihoo 360\nBug 3010 / CVE-2016-2517: Remote configuration\n\t trustedkey/requestkey values are not properly\n\t validated. Reported by Yihan Lian of the Cloud\n\t Security Team, Qihoo 360\nBug 3009 / CVE-2016-2518: Crafted addpeer with\n\t hmode > 7 causes array wraparound with MATCH_ASSOC.\n\t Reported by Yihan Lian of the Cloud Security Team,\n\t Qihoo 360\nBug 3008 / CVE-2016-2519: ctl_getitem() return\n\t value not always checked. Reported by Yihan Lian\n\t of the Cloud Security Team, Qihoo 360\nBug 3007 / CVE-2016-1547: Validate crypto-NAKs,\n\t AKA: nak-dos. Reported by Stephen Gray and\n\t Matthew Van Gundy of Cisco ASIG\nBug 2978 / CVE-2016-1548: Interleave-pivot -\n\t MITIGATION ONLY. Reported by Miroslav Lichvar of\n\t RedHat and separately by Jonathan Gardner of\n\t Cisco ASIG.\nBug 2952 / CVE-2015-7704: KoD fix: peer\n\t associations were broken by the fix for\n\t NtpBug2901, AKA: Symmetric active/passive mode\n\t is broken. Reported by Michael Tatarinov,\n\t NTP Project Developer Volunteer\nBug 2945 / Bug 2901 / CVE-2015-8138: Zero\n\t Origin Timestamp Bypass, AKA: Additional KoD Checks.\n\t Reported by Jonathan Gardner of Cisco ASIG\nBug 2879 / CVE-2016-1550: Improve NTP security\n\t against buffer comparison timing attacks,\n\t authdecrypt-timing, AKA: authdecrypt-timing.\n\t Reported independently by Loganaden Velvindron,\n\t and Matthew Van Gundy and Stephen Gray of\n\t Cisco ASIG.\n\n\n", "edition": 5, "modified": "2016-08-09T00:00:00", "published": "2016-04-26T00:00:00", "id": "B2487D9A-0C30-11E6-ACD0-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/b2487d9a-0c30-11e6-acd0-d050996490d0.html", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7974", "CVE-2015-7978"], "description": "\nNetwork Time Foundation reports:\n\nNTF's NTP Project has been notified of the following low-\n\t and medium-severity vulnerabilities that are fixed in\n\t ntp-4.2.8p6, released on Tuesday, 19 January 2016:\n\nBug 2948 / CVE-2015-8158: Potential Infinite Loop\n\t in ntpq. Reported by Cisco ASIG.\nBug 2945 / CVE-2015-8138: origin: Zero Origin\n\t Timestamp Bypass. Reported by Cisco ASIG.\nBug 2942 / CVE-2015-7979: Off-path Denial of\n\t Service (DoS) attack on authenticated broadcast\n\t mode. Reported by Cisco ASIG.\nBug 2940 / CVE-2015-7978: Stack exhaustion in\n\t recursive traversal of restriction list.\n\t Reported by Cisco ASIG.\nBug 2939 / CVE-2015-7977: reslist NULL pointer\n\t dereference. Reported by Cisco ASIG.\nBug 2938 / CVE-2015-7976: ntpq saveconfig command\n\t allows dangerous characters in filenames.\n\t Reported by Cisco ASIG.\nBug 2937 / CVE-2015-7975: nextvar() missing length\n\t check. Reported by Cisco ASIG.\nBug 2936 / CVE-2015-7974: Skeleton Key: Missing\n\t key check allows impersonation between authenticated\n\t peers. Reported by Cisco ASIG.\nBug 2935 / CVE-2015-7973: Deja Vu: Replay attack on\n\t authenticated broadcast mode. Reported by Cisco ASIG.\n\nAdditionally, mitigations are published for the following\n\t two issues:\n\nBug 2947 / CVE-2015-8140: ntpq vulnerable to replay\n\t attacks. Reported by Cisco ASIG.\nBug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc,\n\t disclose origin. Reported by Cisco ASIG.\n\n\n", "edition": 5, "modified": "2016-08-09T00:00:00", "published": "2016-01-20T00:00:00", "id": "5237F5D7-C020-11E5-B397-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/5237f5d7-c020-11e5-b397-d050996490d0.html", "title": "ntp -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "symantec": [{"lastseen": "2020-12-24T10:41:55", "bulletinFamily": "software", "cvelist": ["CVE-2015-5300", "CVE-2015-7973", "CVE-2015-7974", "CVE-2015-7975", "CVE-2015-7976", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8139", "CVE-2015-8140", "CVE-2015-8158"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of the NTP software distribution from ntp.org are susceptible to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to set the victim's system time to an arbitrary value or cause it to become out of sync. The attacker can also cause denial of service through application crashes and perform unauthorized modifications to the victim's NTP daemon configuration and other files on the local file system. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-8158 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \n6.6 | Upgrade to 6.6.5.4. \nAll CVEs except CVE-2015-8139, \nCVE-2015-8140, CVE-2015-8158 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \n6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.4. \nCVE-2015-8139, CVE-2015-8140 | 6.6 and later (not vulnerable to known vectors of attack) | A fix will not be provided. ASG does not enable remote NTP configuration. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2015-8139, \nCVE-2015-8140 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \n1.2 | Upgrade to later release with fixes. \nCVE-2015-8138 | 1.3 | Upgrade to 1.3.6.1. \nCVE-2015-5300 | 1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.6.1. \nCVE-2015-8158 | 1.3 | Upgrade to 1.3.7.3. \nCVE-2015-7973, CVE-2015-7974, \nCVE-2015-7975, CVE-2015-7976, \nCVE-2015-7977, CVE-2015-7978, \nCVE-2015-7979 | 1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.3. \nCVE-2015-8139, CVE-2015-8140 | 1.2 and later (not vulnerable to known vectors of attack) | A fix will not be provided. ASG does not enable remote NTP configuration. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except for CVE-2015-7975, \nCVE-2015-8138, CVE-2015-8139, \nCVE-2015-8140 | 6.1 | Upgrade to 6.1.22.1. \nCVE-2015-8139, CVE-2015-8140 | 6.1 | A fix will not be provided. Director by default does not enable remote NTP configuration. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-8158 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5300, CVE-2015-8138 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1 \n1.5 | Upgrade to 1.5.3.1. \nCVE-2015-8158 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1 \n1.7 | Upgrade to 1.7.2.1. \n1.5, 1.6 | Upgrade to later release with fixes. \nAll CVEs except CVE-2015-5300, \nCVE-2015-8138, CVE-2015-8139, \nCVE-2015-8140, CVE-2015-8158 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1 \n1.7 | Upgrade to 1.7.2.1. \n1.5, 1.6 | Upgrade to later release with fixes. \nCVE-2015-8139, CVE-2015-8140 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1 \n1.7 (not vulnerable to known vectors of attack) | Upgrade to 1.7.2.1 \n1.5, 1.6 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5300, CVE-2015-8138 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.1. \nCVE-2015-7973, CVE-2015-7976 | 10.5 and later | Not vulnerable, fixed in 10.5.1.1 \n10.3, 10.4 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n10.2 | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.5.1 \nCVE-2015-8158 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.5.1. \nCVE-2015-8139, CVE-2015-8140 | 10.1 and later | A fix will not be provided. Reporter does not enable remote NTP configuration. \nCVE-2015-7974, CVE-2015-7977, \nCVE-2015-7978, CVE-2015-7979 | 10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.5.1. \nAll CVEs | 9.4, 9.5 | Not vulnerable \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2015-7973, CVE-2015-7976, CVE-2015-8139 and CVE-2015-8140 | 7.3 and later | Not vulnerable, fixed in 7.3.1. \n7.2 | Upgrade to 7.2.2. \nCVE-2015-8139, CVE-2015-8140 | 7.2 and later | A fix will not be provided. SA by default does not enable NTP remote configuration. \nCVE-2015-7973, CVE-2015-7976 | 8.1, 8.2 | Not available at this time \n8.0, 7.3 starting with 7.3.2 | Upgrade to later release with fixes. \n7.2, 7.3.1 | Not vulnerable, fixed in 7.2.1. \nAll CVEs except CVE-2015-7973, and CVE-2015-7976 | 7.2 | Not vulnerable, fixed in 7.2.1. \nCVE-2015-5300, CVE-2015-8138 | 7.1 | Upgrade to 7.1.11. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.12. \nCVE-2015-7973, CVE-2015-7974, \nCVE-2015-7976, CVE-2015-7977, \nCVE-2015-7978, CVE-2015-7979, \nCVE-2015-8139, \nCVE-2015-8158 | 7.1 | Apply patch RPM from customer support. \n7.0 | Upgrade to later release with fixes. \n6.6 | Apply patch RPM from customer support. \nCVE-2015-8140 | 6.6, 7.0, 7.1 | A fix will not be provided. SA by default does not enable NTP remote configuration. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 3.11 and later | Not vulnerable, fixed in 3.11.1.1 \nCVE-2015-5300 | 3.10 | Upgrade to 3.10.2.1. \n3.9 | Upgrade to 3.9.3.1. \n3.8, 3.8.4FC | Upgrade to later release with fixes. \nCVE-2015-7974, CVE-2015-8138 | 3.10 | Upgrade to 3.10.2.1. \n3.9 | Upgrade to 3.9.7.1. \n3.8, 3.8.4FC | Upgrade to later release with fixes. \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2015-8139, CVE-2015-8140 | 1.12 and later (not vulnerable to known vectors of attack) | A fix will not be provided. WI by default does not enable NTP remote querying and configuration. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2015-7975 | 9.7, 10.0, 11.0 | A fix will not be provided. \n \n### \nADDITIONAL PRODUCT INFORMATION\n\nIn SSL Visibility, the NTP vulnerabilities can be exploited only through the same physical network port that is used by the product&#x27;s management interfaces (web UI, CLD). Limiting the machines, IP addresses and subnets able to reach this physical network port reduces the threat. The reduced threat reduces the CVSS v2 scores for each CVE. The adjusted CVSS v2 base scores and severity are:\n\n * CVE-2015-5300 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:P/A:N)\n * CVE-2015-7974 - 1.4 (LOW) (AV:A/AC:H/Au:S/C:N/I:P/A:N)\n * CVE-2015-8138 - 4.8 (MEDIUM) (AV:A/AC:L/Au:N/C:N/I:P/A:P)\n\nBlue Coat products do not enable or use all functionality within the NTP software distribution from ntp.org. Products listed below do not utilize the functionality described in the CVEs below, and are thus not known to be vulnerable to them. However, fixes for those CVEs will be included in the patches that are provided.\n\n * **ASG 6.6:** CVE-2015-5300, CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, and CVE-2015-8140.\n * **ASG 6.7:** CVE-2015-8139 and CVE-2015-8140\n * **CAS:** CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, and CVE-2015-8140.\n * **MTD:** CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, and CVE-2015-8140.\n * **MC:** CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, and CVE-2015-8140.\n * **Reporter 10.1:** CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, and CVE-2015-8140.\n * **SSLV 3x:** CVE-2015-7973, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, and CVE-2015-8158.\n * **SSLV 4.x:** CVE-2015-8139, CVE-2015-8140\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nBlue Coat HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nMalware Analysis Appliance \nNorman Shark Industrial Control System Protection \nNorman Shark Network Protection \nNorman Shark SCADA Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nUnified Agent**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. \n \n\n\n### ISSUES\n\n**CVE-2015-5300** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 77312](<https://www.securityfocus.com/bid/77312>) / NVD: [CVE-2015-5300](<https://nvd.nist.gov/vuln/detail/CVE-2015-5300>) \n**Impact** | Unauthorized modification of system time \n**Description** | A flaw in ntpd allows a remote attacker to adjust the victim's system time by an offset larger than the ntpd panic threshold. The attacker can effectively set the victim's system time to an arbitrary value. \n \n \n\n**CVE-2015-7973** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:A/AC:M/Au:N/C:N/I:P/A:P) \n**References** | SecurityFocus: [BID 81963](<https://www.securityfocus.com/bid/81963>) / NVD: [CVE-2015-7973](<https://nvd.nist.gov/vuln/detail/CVE-2015-7973>) \n**Impact** | Unauthorized modification of system time \n**Description** | A flaw in the NTP protocol broadcast mode allows a man-in-the-middle or a malicious broadcast client to replay time packets to broadcast clients. This attack can cause the victim's system time to become out of sync. \n \n \n\n**CVE-2015-7974** \n--- \n**Severity / CVSSv2** | Low / 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 81960](<https://www.securityfocus.com/bid/81960>) / NVD: [CVE-2015-7974](<https://nvd.nist.gov/vuln/detail/CVE-2015-7974>) \n**Impact** | Unauthorized modification of system time \n**Description** | A flaw in ntpd allows a remote malicious trusted NTP client or server to impersonate a different trusted NTP client or server and modify time packets. This attack can cause the victim's system time to become out of sync. \n \n \n\n**CVE-2015-7975** \n--- \n**Severity / CVSSv2** | Low / 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 81959](<https://www.securityfocus.com/bid/81959>) / NVD: [CVE-2015-7975](<https://nvd.nist.gov/vuln/detail/CVE-2015-7975>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpq allows a remote attacker to send a crafted response to ntpq and cause it to crash, resulting in denial of service. \n \n \n\n**CVE-2015-7976** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: NVD: [CVE-2015-7976](<https://nvd.nist.gov/vuln/detail/CVE-2015-7976>) \n**Impact** | Unauthorized modification of data \n**Description** | A flaw in ntpd allows a remote attacker to send a crafted \"saveconfig\" command to ntpd, causing it to modify files on the local filesystem. \n \n \n\n**CVE-2015-7977** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 81815](<https://www.securityfocus.com/bid/81815>) / NVD: [CVE-2015-7977](<https://nvd.nist.gov/vuln/detail/CVE-2015-7977>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpd allows a remote attacker to send a crafted \"ntpdc reslist\" command to ntpd. This attack causes ntpd to dereference a NULL pointer and crash, resulting in denial of service. \n \n \n\n**CVE-2015-7978** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 81962](<https://www.securityfocus.com/bid/81962>) / NVD: [CVE-2015-7978](<https://nvd.nist.gov/vuln/detail/CVE-2015-7978>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpd allows a remote attacker to send a crafted \"ntpdc reslist\" command to ntpd. This attack causes ntpd to exhaust its call stack and crash, resulting in denial of service. \n \n \n\n**CVE-2015-7979** \n--- \n**Severity / CVSSv2** | Medium / 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) \n**References** | SecurityFocus: [BID 81816](<https://www.securityfocus.com/bid/81816>) / NVD: [CVE-2015-7979](<https://nvd.nist.gov/vuln/detail/CVE-2015-7979>) \n**Impact** | Denial of service \n**Description** | A flaw in the NTP protocol broadcast mode allows a remote attacker to send bad authentication packets to broadcast clients. This attack causes the clients to stop synchronizing their system time from the broadcast server, which causes their time to become out of sync and results in denial of service. \n \n \n\n**CVE-2015-8138** \n--- \n**Severity / CVSSv2** | Medium / 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n**References** | SecurityFocus: [BID 81811](<https://www.securityfocus.com/bid/81811>) / NVD: [CVE-2015-8138](<https://nvd.nist.gov/vuln/detail/CVE-2015-8138>) \n**Impact** | Denial of service, unauthorized modification of system time \n**Description** | A flaw in ntpd allows a remote attacker to send a forged time packet to an NTP client. This attack causes the client to set its system time to an arbitrary value or stop synchonizing its time from the NTP server. \n \n \n\n**CVE-2015-8139** \n--- \n**Severity / CVSSv2** | Medium / 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n**References** | SecurityFocus: [BID 82105](<https://www.securityfocus.com/bid/82105>) / NVD: [CVE-2015-8139](<https://nvd.nist.gov/vuln/detail/CVE-2015-8139>) \n**Impact** | Unauthorized modification of system time \n**Description** | A flaw in ntpd allows a remote attacker to obtain timestamp information from an NTP client and use the information to send a forged time packet to the client. This attack can cause the client to set its system time to an arbitrary value. \n \n \n\n**CVE-2015-8140** \n--- \n**Severity / CVSSv2** | Medium / 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 82102](<https://www.securityfocus.com/bid/82102>) / NVD: [CVE-2015-8140](<https://nvd.nist.gov/vuln/detail/CVE-2015-8140>) \n**Impact** | Unauthorized modification of data \n**Description** | A flaw in the ntpq protocol that allows replay attacks allows a remote attacker can sniff an ntpq configuration command and replay it at a later time, modifying the victim's ntpd configuration in an unexpected way. \n \n \n\n**CVE-2015-8158** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 81814](<https://www.securityfocus.com/bid/81814>) / NVD: [CVE-2015-8158](<https://nvd.nist.gov/vuln/detail/CVE-2015-8158>) \n**Impact** | Denial of service \n**Description** | A flaw in ntpq and ntpdc allows an attacker to send a crafted response to ntpq or ntpdc and force them to enter an infinite loop. This attack results in denial of service. \n \n### \nMITIGATION\n\nThese vulnerabilities can be exploited only through the management network port for CAS, Director, MC, and XOS. Allowing only machines, IP addresses and subnets from a trusted network to access to the management network port reduces the threat of exploiting the vulnerabilities.\n\nBy default, Director, Security Analytics and XOS do not run ntpd with the -g command line option, and do not enable NTP broadcast mode, symmetric authentication, remote querying, and remote configuration. Customers who leave these NTP features disabled prevent attacks against these products using the following vulnerabilities:\n\n * **Director and Security Analytics:** CVE-2015-5300, CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140.\n * **XOS:** CVE-2015-7973, CVE-2015-7974, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140.\n\n### REFERENCES\n\nNTP Project Security Notice - <https://support.ntp.org/bin/view/Main/SecurityNotice> \nAttacking the Network Time Protocol (technical paper) - <https://www.cs.bu.edu/~goldbe/NTPattack.html> \nAttacking NTP's Authenticated Broadcast Mode - <https://www.cs.bu.edu/~goldbe/papers/NTPbroadcast.html> \n \n\n\n### REVISION\n\n2020-11-17 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. \n2020-04-23 A fix for CVE-2015-7973 and CVE-2015-7976 in Reporter 10.3 will not be provided. Please upgrade to a larger release with the vulnerability fixes. Reporter 10.5 is not vulnerable to CVE-2015-7973 and CVE-2015-7976 because a fix is available in 10.5.1.1. \n2019-10-07 WI 1.12 and 1.13 have vulnerable versions of the NTP software distribution from ntp.org for CVE-2015-8139 and CVE-2015-8140, but do not enable remote querying and configuration in ntpd, so they are not vulnerable to known vectors of attack. Fixes will not be provided. \n2019-08-28 Reporter 10.3 and 10.4 have vulnerable versions of the NTP software distribution from ntp.org, but are not vulnerable to known vectors of attack. \n2019-01-21 SA 7.3 starting with 7.3.2 and 8.0 are vulnerable to CVE-2015-7973 and CVE-2015-7976. SA 8.0 is vulnerable to CVE-2015-8139 and CVE-2015-8140. By default, SA 8.0 does not enable NTP remote configuration. \n2019-01-18 SSLV 4.x is not vulnerable to CVE-2015-8139 and CVE-2015-8140 because a fix is available in 4.0.2.1. \n2018-04-22 CAS 2.3 has a vulnerable version of the NTP software distribution from ntp.org, but is not vulnerable to known vectors of attack. A fix for CVE-2015-8139 and CVE-2015-8140 will not be provided. CAS 2.3 does not enable remote configuration in the NTP reference implementation and is not vulnerable to known vectors of attack for CVE-2015-8139 and CVE-2015-8140. \n2017-11-08 CAS 2.2 has a vulnerable version of the NTP software distribution from ntp.org, but is not vulnerable to known vectors of attack. A fix for CVE-2015-8139 and CVE-2015-8140 will not be provided. CAS 2.2 does not enable remote configuration in the NTP reference implementation and is not vulnerable to known vectors of attack for CVE-2015-8139 and CVE-2015-8140. \n2017-11-07 MC 1.8 and later releases have a vulnerable version of the NTP software distribution from ntp.org for CVE-2015-8139 and CVE-2015-8140. A fix will not be provided. MC does not enable remote configuration in the NTP. reference implementation and is not vulnerable to known vectors of attack for CVE-2015-8139 and CVE-2015-8140 \n2017-11-06 ASG 6.7 has a vulnerable version of the NTP software distribution from ntp.org for CVE-2015-8139 and CVE-2015-8140. A fix will not be provided. ASG 6.7 does not enable remote configuration in the NTP reference implementation and is not vulnerable to known vectors of attack for CVE-2015-8139 and CVE-2015-8140. \n2017-11-04 It was previously reported that SSLV 4.0 and 4.1 are not vulnerable. Futher investigtion indicates that SSLV 4.x has a vulnerable version of the NTP software distribution from ntp.org for CVE-2015-8139 and CVE-2015-8140. Fixes will not be provided. SSLV 4.x does not enable remote configuration and is not vulnerable to known vectors of attack. \n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-20 MC 1.10 has a vulnerable version of the NTP software distribution from ntp.org, but is not vulnerable to known vectors of attack. A fix for CVE-2015-8139 and CVE-2015-8140 in MC 1.9 will not be provided. MC 1.9 does not enable remote configuration in the NTP. reference implementation and is not vulnerable to known vectors of attack for CVE-2015-8139 and CVE-2015-8140. \n2017-07-18 A fix for CVE-2015-8139 and CVE-2015-8140 will not be provided for ASG, CA, Director, MC, Reporter, and Security Analytics. These products do not enable remote configuration in the NTP reference implementation and are not vulnerable to known vectors of attack. \n2017-06-22 Security Analytics 7.3 is vulnerable to CVE-2015-8139 and CVE-2015-8140. \n2017-05-17 CAS 2.1 has a vulnerable version of the NTP software distribution from ntp.org, but is not vulnerable to known vectors of attack. \n2017-03-30 MC 1.8 and 1.9 have a vulnerable version of the NTP software distribution from ntp.org, but are not vulnerable to known vectors of attack. \n2017-03-29 A fix for all CVEs except CVE-2015-8139 and CVE-2015-8140 in ASG 6.6 is available in 6.6.5.4. \n2017-03-16 A fix for all CVEs in SSLV 3.10 is available in 3.10.2.1. \n2017-03-08 A fix for all CVEs except CVE-2015-8139 and CVE-2015-8140 in Director is available in 6.1.22.1. \n2017-03-06 MC 1.8 is not vulnerable. SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. \n2017-01-25 A fix for all CVEs except CVE-2015-8139 and CVE-2015-8140 in SA 7.2 is available in 7.2.2. \n2017-01-24 A fix for all CVEs except CVE-2015-8139 and CVE-2015-8140 in CAS 1.3 is available in 1.3.7.3. \n2017-01-13 A fix for all CVEs in SSLV 3.9 is available in 3.9.7.1. \n2017-01-10 A fix for all CVEs except for CVE-2015-8139 and CVE-2015-8140 in Reporter 10.1 is available in 10.1.5.1. \n2016-12-04 A fix is available in SSLV 3.11.1.1. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. \n2016-11-14 A fix for all CVEs except CVE-2015-8139 and CVE-2015-8140 is available in MC 1.7.2.1. \n2016-11-11 SSLV 3.10 is vulnerable to CVE-2015-7974 and CVE-2015-8138. A fix is not available at this time. \n2016-11-08 A fix for all CVEs except CVE-2015-8140 in Security Analytics 6.6 and 7.1 is available through a patch RPM from Blue Coat Support. SA 7.2 is vulnerable to CVE-2015-7973, CVE-2015-7976, and CVE-2015-8140. \n2016-10-26 MC 1.6 and 1.7 are vulnerable to CVE-2015-8158. They also have vulnerable code for multiple CVEs, but are not vulnerable to known vectors of attack. See Advisory Details section for a list of CVEs. A fix will not be provided for MC 1.6. Please, upgrade to a later version with the vulnerability fixes. \n2016-07-18 A fix for CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8139, and CVE-2015-8158 in Security Analytics 6.6 and 7.1 is available through a patch RPM from customer support. A fix for the other CVEs is not available at this time. \n2016-06-23 A fix for CVE-2015-5300 and CVE-2015-8138 is available in ASG 6.6.4.1. \n2016-05-17 A fix for CVE-2015-5300 and CVE-2015-8138 is available in Security Analytics 6.6.12 and 7.1.11. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-04-24 MTD 1.1 is vulnerable to CVE-2015-8158. It also have vulnerable code for a number of CVEs, but is not vulnerable to known vectors of attack. \n2016-04-01 A fix for CVE-2015-5300 and CVE-2015-8138 in Reporter 10.1 is available in 10.1.4.1. \n2016-03-28 Previously it was reported that SSLV has vulnerable code for CVE-2015-7975. Further investigation has shown that SSLV is not vulnerable to this CVE. \n2016-03-14 A fix for CVE-2015-5300 and CVE-2015-8138 in CAS 1.3 is available in 1.3.6.1. A fix for CVE-2015-5300 and CVE-2015-8138 in MC 1.5 is available in 1.5.3.1. \n2016-03-03 initial public release\n", "modified": "2020-12-22T05:06:10", "published": "2016-03-03T08:00:00", "id": "SMNTC-1350", "href": "", "type": "symantec", "title": "SA113 : January 2016 NTP Security Vulnerabilities", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:22:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "edition": 1, "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "modified": "2016-05-12T21:07:47", "published": "2016-05-12T21:07:47", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html", "id": "OPENSUSE-SU-2016:1292-1", "title": "Security update for ntp (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "edition": 1, "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n\n", "modified": "2016-04-28T19:13:09", "published": "2016-04-28T19:13:09", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html", "id": "SUSE-SU-2016:1177-1", "title": "Security update for ntp (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7979", "CVE-2015-7976", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7978"], "edition": 1, "description": "ntp was updated to version 4.2.8p6 to fix 12 security issues.\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n - bsc#784760: Remove local clock from default configuration\n\n", "modified": "2016-04-28T19:09:34", "published": "2016-04-28T19:09:34", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html", "id": "SUSE-SU-2016:1175-1", "title": "Security update for ntp (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:27:22", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7703", "CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7855", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7692", "CVE-2015-7851", "CVE-2015-7702", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "description": "ntp was updated to version 4.2.8p6 to fix 28 security issues.\n\n Major functional changes:\n - The &quot;sntp&quot; commandline tool changed its option handling in a major way,\n some options have been renamed or dropped.\n - &quot;controlkey 1&quot; is added during update to ntp.conf to allow sntp to work.\n - The local clock is being disabled during update.\n - ntpd is no longer running chrooted.\n\n Other functional changes:\n - ntp-signd is installed.\n - &quot;enable mode7&quot; can be added to the configuration to allow ntdpc to work\n as compatibility mode option.\n - &quot;kod&quot; was removed from the default restrictions.\n - SHA1 keys are used by default instead of MD5 keys.\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n These security issues were fixed:\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n - CVE-2015-7871: NAK to the Future: Symmetric association authentication\n bypass via crypto-NAK (bsc#951608).\n - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#951608).\n - CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7853: Invalid length data provided by a custom refclock driver\n could cause a buffer overflow (bsc#951608).\n - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n - CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n - CVE-2015-7849: trusted key use-after-free (bsc#951608).\n - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n - CVE-2015-7703: configuration directives &quot;pidfile&quot; and &quot;driftfile&quot; should\n only be allowed locally (bsc#951608).\n - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate\n the origin timestamp field (bsc#951608).\n - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data\n packet length checks (bsc#951608).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n - Add a controlkey line to /etc/ntp.conf if one does not already exist to\n allow runtime configuuration via ntpq.\n - bsc#946386: Temporarily disable memlock to avoid problems due to high\n memory usage during name resolution.\n - bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n - Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n - Fix legacy action scripts to pass on command line arguments.\n - bsc#944300: Remove &quot;kod&quot; from the restrict line in ntp.conf.\n - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n - Add a controlkey to ntp.conf to make the above work.\n - Don't let &quot;keysdir&quot; lines in ntp.conf trigger the &quot;keys&quot; parser.\n - Disable mode 7 (ntpdc) again, now that we don't use it anymore.\n - Add &quot;addserver&quot; as a new legacy action.\n - bsc#910063: Fix the comment regarding addserver in ntp.conf.\n - bsc#926510: Disable chroot by default.\n - bsc#920238: Enable ntpdc for backwards compatibility.\n\n", "edition": 1, "modified": "2016-05-06T13:07:50", "published": "2016-05-06T13:07:50", "id": "SUSE-SU-2016:1247-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html", "title": "Security update for ntp (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7703", "CVE-2015-8140", "CVE-2015-8138", "CVE-2015-7855", "CVE-2015-7973", "CVE-2015-7977", "CVE-2015-8158", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7692", "CVE-2015-7851", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "description": "This network time protocol server ntp was updated to 4.2.8p6 to fix the\n following issues:\n\n Also yast2-ntp-client was updated to match some sntp syntax changes.\n (bsc#937837)\n\n Major functional changes:\n - The &quot;sntp&quot; commandline tool changed its option handling in a major way.\n - &quot;controlkey 1&quot; is added during update to ntp.conf to allow sntp to work.\n - The local clock is being disabled during update.\n - ntpd is no longer running chrooted.\n\n\n Other functional changes:\n - ntp-signd is installed.\n - &quot;enable mode7&quot; can be added to the configuration to allow ntdpc to work\n as compatibility mode option.\n - &quot;kod&quot; was removed from the default restrictions.\n - SHA1 keys are used by default instead of MD5 keys.\n\n These security issues were fixed:\n - CVE-2015-5219: An endless loop due to incorrect precision to double\n conversion (bsc#943216).\n - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated\n broadcast mode (bsc#962784).\n - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction\n list (bsc#963000).\n - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in\n filenames (bsc#962802).\n - CVE-2015-7975: nextvar() missing length check (bsc#962988).\n - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation\n between authenticated peers (bsc#962960).\n - CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n - CVE-2015-5300: MITM attacker could have forced ntpd to make a step\n larger than the panic threshold (bsc#951629).\n - CVE-2015-7871: NAK to the Future: Symmetric association authentication\n bypass via crypto-NAK (bsc#951608).\n - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#951608).\n - CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7853: Invalid length data provided by a custom refclock driver\n could cause a buffer overflow (bsc#951608).\n - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#951608).\n - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n - CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n - CVE-2015-7849: trusted key use-after-free (bsc#951608).\n - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n - CVE-2015-7703: configuration directives &quot;pidfile&quot; and &quot;driftfile&quot; should\n only be allowed locally (bsc#951608).\n - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate\n the origin timestamp field (bsc#951608).\n - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data\n packet length checks (bsc#951608).\n\n These non-security issues were fixed:\n - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP\n (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added\n the authreg directive.\n - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which\n caused the synchronization to fail.\n - bsc#782060: Speedup ntpq.\n - bsc#916617: Add /var/db/ntp-kod.\n - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen\n quite a lot on loaded systems.\n - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n - Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n - Add a controlkey line to /etc/ntp.conf if one does not already exist to\n allow runtime configuuration via ntpq.\n - bsc#946386: Temporarily disable memlock to avoid problems due to high\n memory usage during name resolution.\n - bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n - Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n - Fix legacy action scripts to pass on command line arguments.\n - bsc#944300: Remove &quot;kod&quot; from the restrict line in ntp.conf.\n - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n - Don't let &quot;keysdir&quot; lines in ntp.conf trigger the &quot;keys&quot; parser.\n - Disable mode 7 (ntpdc) again, now that we don't use it anymore.\n - Add &quot;addserver&quot; as a new legacy action.\n - bsc#910063: Fix the comment regarding addserver in ntp.conf.\n - bsc#926510: Disable chroot by default.\n - bsc#920238: Enable ntpdc for backwards compatibility.\n - bsc#784760: Remove local clock from default configuration.\n - bsc#942441/fate#319496: Require perl-Socket6.\n - Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n - bsc#920183: Allow -4 and -6 address qualifiers in &quot;server&quot; directives.\n - Use upstream ntp-wait, because our version is incompatible with the new\n ntpq command line syntax.\n\n", "edition": 1, "modified": "2016-05-17T15:09:17", "published": "2016-05-17T15:09:17", "id": "SUSE-SU-2016:1311-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html", "type": "suse", "title": "Security update for ntp (important)", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2015-7855", "CVE-2016-4953", "CVE-2015-7973", "CVE-2015-1799", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-7975", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7851", "CVE-2015-7702", "CVE-2016-4957", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2016-2519", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-1798", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2016-1549", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "description": "NTP was updated to version 4.2.8p8 to fix several security issues and to\n ensure the continued maintainability of the package.\n\n These security issues were fixed:\n\n * CVE-2016-4953: Bad authentication demobilized ephemeral associations\n (bsc#982065).\n * CVE-2016-4954: Processing spoofed server packets (bsc#982066).\n * CVE-2016-4955: Autokey association reset (bsc#982067).\n * CVE-2016-4956: Broadcast interleave (bsc#982068).\n * CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).\n * CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS\n (bsc#977459).\n * CVE-2016-1548: Prevent the change of time of an ntpd client or\n denying service to an ntpd client by forcing it to change from basic\n client/server mode to interleaved symmetric mode (bsc#977461).\n * CVE-2016-1549: Sybil vulnerability: ephemeral association attack\n (bsc#977451).\n * CVE-2016-1550: Improve security against buffer comparison timing\n attacks (bsc#977464).\n * CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y\n * CVE-2016-2516: Duplicate IPs on unconfig directives could have\n caused an assertion botch in ntpd (bsc#977452).\n * CVE-2016-2517: Remote configuration trustedkey/\n requestkey/controlkey values are not properly validated (bsc#977455).\n * CVE-2016-2518: Crafted addpeer with hmode &gt; 7 causes array\n wraparound with MATCH_ASSOC (bsc#977457).\n * CVE-2016-2519: ctl_getitem() return value not always checked\n (bsc#977458).\n * CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).\n * CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n * CVE-2015-7979: Off-path Denial of Service (DoS) attack on\n authenticated broadcast mode (bsc#962784).\n * CVE-2015-7978: Stack exhaustion in recursive traversal of\n restriction list (bsc#963000).\n * CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n * CVE-2015-7976: ntpq saveconfig command allowed dangerous characters\n in filenames (bsc#962802).\n * CVE-2015-7975: nextvar() missing length check (bsc#962988).\n * CVE-2015-7974: NTP did not verify peer associations of symmetric\n keys when authenticating packets, which might have allowed remote\n attackers to conduct impersonation attacks via an arbitrary trusted\n key, aka a &quot;skeleton&quot; key (bsc#962960).\n * CVE-2015-7973: Replay attack on authenticated broadcast mode\n (bsc#962995).\n * CVE-2015-5300: MITM attacker can force ntpd to make a step larger\n than the panic threshold (bsc#951629).\n * CVE-2015-5194: Crash with crafted logconfig configuration command\n (bsc#943218).\n * CVE-2015-7871: NAK to the Future: Symmetric association\n authentication bypass via crypto-NAK (bsc#952611).\n * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning\n FAIL on some bogus values (bsc#952611).\n * CVE-2015-7854: Password Length Memory Corruption Vulnerability\n (bsc#952611).\n * CVE-2015-7853: Invalid length data provided by a custom refclock\n driver could cause a buffer overflow (bsc#952611).\n * CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability\n (bsc#952611).\n * CVE-2015-7851: saveconfig Directory Traversal Vulnerability\n (bsc#952611).\n * CVE-2015-7850: Clients that receive a KoD now validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).\n * CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).\n * CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).\n * CVE-2015-7703: Configuration directives &quot;pidfile&quot; and &quot;driftfile&quot;\n should only be allowed locally (bsc#943221).\n * CVE-2015-7704: Clients that receive a KoD should validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7705: Clients that receive a KoD should validate the origin\n timestamp field (bsc#952611).\n * CVE-2015-7691: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-7692: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-7702: Incomplete autokey data packet length checks\n (bsc#952611).\n * CVE-2015-1798: The symmetric-key feature in the receive function in\n ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC\n field has a nonzero length, which made it easier for\n man-in-the-middle attackers to spoof packets by omitting the MAC\n (bsc#924202).\n * CVE-2015-1799: The symmetric-key feature in the receive function in\n ntp_proto.c in ntpd in NTP performed state-variable updates upon\n receiving certain invalid packets, which made it easier for\n man-in-the-middle attackers to cause a denial of service\n (synchronization loss) by spoofing the source IP address of a peer\n (bsc#924202).\n\n These non-security issues were fixed:\n\n * Keep the parent process alive until the daemon has finished\n initialisation, to make sure that the PID file exists when the\n parent returns.\n * bsc#979302: Change the process name of the forking DNS worker\n process to avoid the impression that ntpd is started twice.\n * bsc#981422: Don't ignore SIGCHILD because it breaks wait().\n * Separate the creation of ntp.keys and key #1 in it to avoid problems\n when upgrading installations that have the file, but no key #1,\n which is needed e.g. by &quot;rcntp addserver&quot;.\n * bsc#957226: Restrict the parser in the startup script to the first\n occurrance of &quot;keys&quot; and &quot;controlkey&quot; in ntp.conf.\n * Enable compile-time support for MS-SNTP (--enable-ntp-signd)\n * bsc#975496: Fix ntp-sntp-dst.patch.\n * bsc#962318: Call /usr/sbin/sntp with full path to synchronize in\n start-ntpd. When run as cron job, /usr/sbin/ is not in the path,\n which caused the synchronization to fail.\n * bsc#782060: Speedup ntpq.\n * bsc#951559: Fix the TZ offset output of sntp during DST.\n * bsc#916617: Add /var/db/ntp-kod.\n * bsc#951351: Add ntp-ENOBUFS.patch to limit a warning that might\n happen quite a lot on loaded systems.\n * Add ntp-fork.patch and build with threads disabled to allow name\n resolution even when running chrooted.\n * bnc#784760: Remove local clock from default configuration.\n * Fix incomplete backporting of &quot;rcntp ntptimemset&quot;.\n * bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n * Don't let &quot;keysdir&quot; lines in ntp.conf trigger the &quot;keys&quot; parser.\n * bsc#910063: Fix the comment regarding addserver in ntp.conf.\n * bsc#944300: Remove &quot;kod&quot; from the restrict line in ntp.conf.\n * bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n * bsc#926510: Re-add chroot support, but mark it as deprecated and\n disable it by default.\n * bsc#920895: Drop support for running chrooted, because it is an\n ongoing source of problems and not really needed anymore, given that\n ntp now drops privileges and runs under apparmor.\n * bsc#920183: Allow -4 and -6 address qualifiers in &quot;server&quot;\n directives.\n * Use upstream ntp-wait, because our version is incompatible with the\n new ntpq command line syntax.\n * bsc#920905: Adjust Util.pm to the Perl version on SLE11.\n * bsc#920238: Enable ntpdc for backwards compatibility.\n * bsc#920893: Don't use %exclude.\n * bsc#988417: Default to NTPD_FORCE_SYNC_ON_STARTUP=&quot;yes&quot;\n * bsc#988565: Ignore errors when removing extra files during\n uninstallation\n * bsc#988558: Don't blindly guess the value to use for IP_TOS\n\n Security Issues:\n\n * CVE-2016-4953\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953</a>&gt;\n * CVE-2016-4954\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954</a>&gt;\n * CVE-2016-4955\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955</a>&gt;\n * CVE-2016-4956\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956</a>&gt;\n * CVE-2016-4957\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957</a>&gt;\n * CVE-2016-1547\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547</a>&gt;\n * CVE-2016-1548\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548</a>&gt;\n * CVE-2016-1549\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549</a>&gt;\n * CVE-2016-1550\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550</a>&gt;\n * CVE-2016-1551\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551</a>&gt;\n * CVE-2016-2516\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516</a>&gt;\n * CVE-2016-2517\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517</a>&gt;\n * CVE-2016-2518\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518</a>&gt;\n * CVE-2016-2519\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519</a>&gt;\n * CVE-2015-8158\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158</a>&gt;\n * CVE-2015-8138\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138</a>&gt;\n * CVE-2015-7979\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979</a>&gt;\n * CVE-2015-7978\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978</a>&gt;\n * CVE-2015-7977\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977</a>&gt;\n * CVE-2015-7976\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976</a>&gt;\n * CVE-2015-7975\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975</a>&gt;\n * CVE-2015-7974\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974</a>&gt;\n * CVE-2015-7973\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973</a>&gt;\n * CVE-2015-5300\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300</a>&gt;\n * CVE-2015-5194\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194</a>&gt;\n * CVE-2015-7871\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871</a>&gt;\n * CVE-2015-7855\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855</a>&gt;\n * CVE-2015-7854\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854</a>&gt;\n * CVE-2015-7853\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853</a>&gt;\n * CVE-2015-7852\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852</a>&gt;\n * CVE-2015-7851\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851</a>&gt;\n * CVE-2015-7850\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850</a>&gt;\n * CVE-2015-7849\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849</a>&gt;\n * CVE-2015-7848\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848</a>&gt;\n * CVE-2015-7701\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701</a>&gt;\n * CVE-2015-7703\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703</a>&gt;\n * CVE-2015-7704\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704</a>&gt;\n * CVE-2015-7705\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705</a>&gt;\n * CVE-2015-7691\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691</a>&gt;\n * CVE-2015-7692\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692</a>&gt;\n * CVE-2015-7702\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702</a>&gt;\n * CVE-2015-1798\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798</a>&gt;\n * CVE-2015-1799\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>&gt;\n\n\n", "edition": 1, "modified": "2016-07-29T19:08:48", "published": "2016-07-29T19:08:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html", "id": "SUSE-SU-2016:1912-1", "title": "Security update for ntp (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2015-7855", "CVE-2016-4953", "CVE-2015-7973", "CVE-2015-1799", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-7975", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7851", "CVE-2015-7702", "CVE-2016-4957", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2016-2519", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-1798", "CVE-2015-5300", "CVE-2015-7974", "CVE-2015-7850", "CVE-2016-1549", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "edition": 1, "description": "The YaST2 NTP Client was updated to handle the presence of both xntp and\n ntp packages.\n\n If none are installed, &quot;ntp&quot; will be installed.\n\n Security Issues:\n\n * CVE-2016-4953\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953</a>&gt;\n * CVE-2016-4954\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954</a>&gt;\n * CVE-2016-4955\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955</a>&gt;\n * CVE-2016-4956\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956</a>&gt;\n * CVE-2016-4957\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957</a>&gt;\n * CVE-2016-1547\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547</a>&gt;\n * CVE-2016-1548\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548</a>&gt;\n * CVE-2016-1549\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549</a>&gt;\n * CVE-2016-1550\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550</a>&gt;\n * CVE-2016-1551\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551</a>&gt;\n * CVE-2016-2516\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516</a>&gt;\n * CVE-2016-2517\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517</a>&gt;\n * CVE-2016-2518\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518</a>&gt;\n * CVE-2016-2519\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519</a>&gt;\n * CVE-2015-8158\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158</a>&gt;\n * CVE-2015-8138\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138</a>&gt;\n * CVE-2015-7979\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979</a>&gt;\n * CVE-2015-7978\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978</a>&gt;\n * CVE-2015-7977\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977</a>&gt;\n * CVE-2015-7976\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976</a>&gt;\n * CVE-2015-7975\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975</a>&gt;\n * CVE-2015-7974\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974</a>&gt;\n * CVE-2015-7973\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973</a>&gt;\n * CVE-2015-5300\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300</a>&gt;\n * CVE-2015-5194\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194</a>&gt;\n * CVE-2015-7871\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871</a>&gt;\n * CVE-2015-7855\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855</a>&gt;\n * CVE-2015-7854\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854</a>&gt;\n * CVE-2015-7853\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853</a>&gt;\n * CVE-2015-7852\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852</a>&gt;\n * CVE-2015-7851\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851</a>&gt;\n * CVE-2015-7850\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850</a>&gt;\n * CVE-2015-7849\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849</a>&gt;\n * CVE-2015-7848\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848</a>&gt;\n * CVE-2015-7701\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701</a>&gt;\n * CVE-2015-7703\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703</a>&gt;\n * CVE-2015-7704\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704</a>&gt;\n * CVE-2015-7705\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705</a>&gt;\n * CVE-2015-7691\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691</a>&gt;\n * CVE-2015-7692\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692</a>&gt;\n * CVE-2015-7702\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702</a>&gt;\n * CVE-2015-1798\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798</a>&gt;\n * CVE-2015-1799\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799</a>&gt;\n\n\n", "modified": "2016-08-17T21:08:25", "published": "2016-08-17T21:08:25", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html", "id": "SUSE-SU-2016:2094-1", "type": "suse", "title": "Security update for yast2-ntp-client (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "software", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2016-0727", "CVE-2015-7973", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7976", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "description": "USN-3096-1 NTP vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\nCanonical Ubuntu 14.04 LTS\n\n# Description\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547)\n\nMiroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516)\n\nYihan Lian discovered that NTP incorrectly handled certain peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518)\n\nJakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP AppArmor profile.\n\n# Affected Cloud Foundry Products and Versions\n\nSeverity is medium unless otherwise noted.\n\nCloud Foundry BOSH stemcells are vulnerable, including:\n\n * All versions prior to 3146.24\n * 3151.x versions prior to 3151.2\n * 3232.x versions prior to 3232.22\n * 3233.x versions prior to 3233.2\n * 3262.x versions prior to 3262.21\n * Other versions prior to 3263.7\n\n# Mitigation\n\nThe Cloud Foundry team recommends upgrading to the following BOSH stemcells:\n\n * Upgrade all versions prior to 3146.x to 3146.24\n * Upgrade 3151.x versions to 3151.2\n * Upgrade 3232.x versions to 3232.22\n * Upgrade 3233.x versions to 3233.2\n * Upgrade 3262.x versions to 3262.21\n * Upgrade other versions to 3263.7\n\n# Credit\n\nMatt Street, Aanchal Malhotra, Jonathan Gardner, Matthew Van Gundy, Stephen Gray, Loganaden Velvindron, Yihan Lian, Jakub Prokes, Miroslav Lichvar\n\n# References\n\n * <https://www.ubuntu.com/usn/usn-3096-1/>\n", "edition": 5, "modified": "2016-12-21T00:00:00", "published": "2016-12-21T00:00:00", "id": "CFOUNDRY:0B67E4FF46553AC705FD601C96C1A6B6", "href": "https://www.cloudfoundry.org/blog/usn-3096-1/", "title": "USN-3096-1: NTP vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2016-4956", "CVE-2016-4955", "CVE-2015-8138", "CVE-2016-0727", "CVE-2015-7973", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7976", "CVE-2015-7975", "CVE-2016-1547", "CVE-2015-7974", "CVE-2015-7978"], "description": "Aanchal Malhotra discovered that NTP incorrectly handled authenticated \nbroadcast mode. A remote attacker could use this issue to perform a replay \nattack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of \nsymmetric keys. A remote attacker could use this issue to perform an \nimpersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled \nmemory. An attacker could possibly use this issue to cause ntpq to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 \nLTS. (CVE-2015-7975)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled \ndangerous characters in filenames. An attacker could possibly use this \nissue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. \nAn attacker could use this issue to cause NTP to crash, resulting in a \ndenial of service. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated \nbroadcast mode. A remote attacker could use this issue to cause NTP to \ncrash, resulting in a denial of service. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp \nchecks. A remote attacker could use this issue to spoof peer servers. \n(CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly \nhandle certain incorrect values. An attacker could possibly use this issue \nto cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the \nstatistics directory. A local attacker could possibly use this to escalate \nprivileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly \nvalidated crypto-NAKs. A remote attacker could possibly use this issue to \nprevent clients from synchronizing. (CVE-2016-1547)\n\nMiroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly \nhandled switching to interleaved symmetric mode. A remote attacker could \npossibly use this issue to prevent clients from synchronizing. \n(CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that \nNTP incorrectly handled message authentication. A remote attacker could \npossibly use this issue to recover the message digest key. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on \nunconfig directives. An authenticated remote attacker could possibly use \nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2016-2516)\n\nYihan Lian discovered that NTP incorrectly handled certail peer \nassociations. A remote attacker could possibly use this issue to cause NTP \nto crash, resulting in a denial of service. (CVE-2016-2518)\n\nJakub Prokes discovered that NTP incorrectly handled certain spoofed \npackets. A remote attacker could possibly use this issue to cause a denial \nof service. (CVE-2016-4954)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets \nwhen autokey is enabled. A remote attacker could possibly use this issue to \ncause a denial of service. (CVE-2016-4955)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed \nbroadcast packets. A remote attacker could possibly use this issue to \ncause a denial of service. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP \nAppArmor profile.", "edition": 5, "modified": "2016-10-05T00:00:00", "published": "2016-10-05T00:00:00", "id": "USN-3096-1", "href": "https://ubuntu.com/security/notices/USN-3096-1", "title": "NTP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:39", "bulletinFamily": "info", "cvelist": ["CVE-2015-7704", "CVE-2015-7705", "CVE-2015-7973", "CVE-2015-7974", "CVE-2015-7975", "CVE-2015-7976", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2015-8138", "CVE-2015-8139", "CVE-2015-8140", "CVE-2015-8158", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1549", "CVE-2016-1550", "CVE-2016-1551", "CVE-2016-2516", "CVE-2016-2517", "CVE-2016-2518", "CVE-2016-2519"], "description": "### Overview \n\nThe NTP.org reference implementation of `ntpd` contains multiple vulnerabilities.\n\n### Description \n\nNTP.org's reference implementation of NTP server, `ntpd`, contains multiple vulnerabilities.\n\n[**CWE-294**](<http://cwe.mitre.org/data/definitions/294.html>)**: Authentication Bypass by Capture-replay - **CVE-2015-7973 \n \nAn attacker on the network can record and replay authenticated broadcast mode packets. Also known as the \"Deja Vu\" attack. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7974 \n \nA missing key check allows impersonation between authenticated peers. Also known as the \"Skeleton Key\" attack. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7975 \n \nThe `nextvar()` function does not properly validate length. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7976 \n \n`ntpq saveconfig` command allows dangerous characters in filenames \n \n[**CWE-476**](<http://cwe.mitre.org/data/definitions/476.html>)**: NULL Pointer Dereference - **CVE-2015-7977 \n \n`reslist` NULL pointer dereference \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2015-7978 \n \nStack exhaustion in recursive traversal of restriction list \n \n[**CWE-821**](<http://cwe.mitre.org/data/definitions/821.html>)**: Incorrect Synchronization - **CVE-2015-7979 \n \nOff-path Denial of Service (DoS) attack on authenticated broadcast and other pre-emptable modes \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-8138 \n \nZero Origin Timestamp Bypass \n \n[**CWE-200**](<http://cwe.mitre.org/data/definitions/200.html>)**: Information Exposure - **CVE-2015-8139 \n \nNetwork Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability \n<http://support.ntp.org/bin/view/Main/NtpBug2946> \n \n[**CWE-294**](<http://cwe.mitre.org/data/definitions/294.html>)**: Authentication Bypass by Capture-replay - **CVE-2015-8140 \n \nNetwork Time Protocol ntpq Control Protocol Replay Vulnerability \n<http://support.ntp.org/bin/view/Main/NtpBug2947> \n \n[**CWE-400**](<http://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion') - **CVE-2015-8158 \n \nPotential Infinite Loop in ntpq \n<http://support.ntp.org/bin/view/Main/NtpBug2948> \n \n[**CWE-821**](<http://cwe.mitre.org/data/definitions/821.html>)**: Incorrect Synchronization - **CVE-2016-1547 \n \nAn off-path attacker can deny service to `ntpd` clients by demobilizing preemptable associations using spoofed crypto-NAK packets. This vulnerability involves different code paths than those used by CVE-2015-7979. \n \n[**CWE-290**](<http://cwe.mitre.org/data/definitions/290.html>)**: Authentication Bypass by Spoofing - **CVE-2016-1548 \n \nBy spoofing packets from a legitimate server, an attacker can change the time of an` ntpd` client or deny service to an `ntpd` client by forcing it to change from basic client/server mode to interleaved symmetric mode. \n \n[**CWE-362**](<http://cwe.mitre.org/data/definitions/362.html>)**: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - **CVE-2016-1549 \n \nntpd does not prevent Sybil attacks from authenticated peers. An malicious authenticated peer can create any number of ephemeral associations in order to win ntpd's clock selection algorithm and modify a victim's clock. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2016-1550 \n \nntpd does not use a constant-time memory comparison function when validating the authentication digest on incoming packets. In some situations this may allow an attacker to conduct a timing attack to compute the value of the valid authentication digest causing forged packets to be accepted by `ntpd`. \n \n[**CWE-290**](<http://cwe.mitre.org/data/definitions/290.html>)**: Authentication Bypass by Spoofing - **CVE-2016-1551 \n \nntpd does not filter IPv4 bogon packets received from the network. This allows unauthenticated network attackers to spoof refclock packets to ntpd processes on systems that do not implement bogon filtering. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2016-2516, CVE-2016-2517 \n \nDuplicate IPs on `unconfig` directives will cause an assertion botch in `ntpd`. A regression caused by the patch for CVE-2016-2516 was fixed and identified as CVE-2016-2517. \n \n[**CWE-125**](<http://cwe.mitre.org/data/definitions/125.html>)**: Out-of-bounds Read - **CVE-2016-2518 \n \nUsing a crafted packet to create a peer association with hmode &gt; 7 causes the MATCH_ASSOC() lookup to make an out-of-bounds reference. \n \n[**CWE-119**](<http://cwe.mitre.org/data/definitions/119.html>)**: Improper Restriction of Operations within the Bounds of a Memory Buffer - **CVE-2016-2519 \n \n`ntpq` and `ntpdc` can be used to store and retrieve information in `ntpd`. It is possible to store a data value that is larger than the size of the buffer that the `ctl_getitem()` function of `ntpd` uses to report the return value. If the length of the requested data value returned by `ctl_getitem()` is too large, the value NULL is returned instead. There are 2 cases where the return value from `ctl_getitem()` was not directly checked to make sure it's not NULL, but there are subsequent INSIST() checks that make sure the return value is not NULL. There are no data values ordinarily stored in `ntpd` that would exceed this buffer length. But if one has permission to store values and one stores a value that is \"too large\", then `ntpd` will abort if an attempt is made to read that oversized value. \n \n[**CWE-20**](<http://cwe.mitre.org/data/definitions/20.html>)**: Improper Input Validation - **CVE-2015-7704**, **CVE-2015-7705 \n \nAn ntpd client that honors Kiss-of-Death (KoD) responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. \n \nFor more information on these vulnerabilities, please see NTP.org's [April 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>) as well as the [January 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>). \n \n--- \n \n### Impact \n\nUnauthenticated remote attackers may be able to spoof packets to cause denial of service, authentication bypass on commands, or certain configuration changes. For more information on these vulnerabilities, please see NTP.org's [April 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>) as well as the [January 2016 security advisory](<http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>). \n \n--- \n \n### Solution \n\n**Apply an update** \n \nPartial patches for some of these issues were initially released in January 2016 as version 4.2.8p6. Complete patches for all of these issues are now available in version [4.2.8p7](<http://www.ntp.org/downloads.html>), released 2016-04-26. Affected users are encouraged to update as soon as possible. \n \n--- \n \n### Vendor Information\n\n718152\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### NTP Project Affected\n\nNotified: January 19, 2016 Updated: April 22, 2016 \n\n**Statement Date: April 19, 2016**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### AT&amp;T Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Alcatel-Lucent Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Apple Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Arista Networks, Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Aruba Networks Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Avaya, Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Belkin, Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Blue Coat Systems Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CA Technologies Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CentOS Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Check Point Software Technologies Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Cisco Unknown\n\nNotified: January 08, 2016 Updated: January 08, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CoreOS Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### D-Link Systems, Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Debian GNU/Linux Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DesktopBSD Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DragonFly BSD Project Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EMC Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EfficientIP SAS Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Enterasys Networks Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ericsson Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Extreme Networks Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### F5 Networks, Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Fedora Project Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Force10 Networks Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### FreeBSD Project Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Gentoo Linux Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Google Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hardened BSD Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hitachi Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Huawei Technologies Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM eServer Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Infoblox Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Intel Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Systems Consortium Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Juniper Networks Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### McAfee Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Microsoft Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NEC Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NTPsec Unknown\n\nNotified: January 19, 2016 Updated: January 19, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NetBSD Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nokia Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nominum Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OmniTI Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenBSD Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenDNS Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Oracle Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Peplink Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Q1 Labs Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QNX Software Systems Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Red Hat, Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SUSE Linux Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SafeNet Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Secure64 Software Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Slackware Linux Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SmoothWall Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Snort Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sony Corporation Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sourcefire Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Symantec Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Turbolinux Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ubuntu Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Unisys Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### VMware Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Wind River Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### dnsmasq Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### m0n0wall Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### openSUSE project Unknown\n\nNotified: April 25, 2016 Updated: April 25, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\nView all 75 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 5.3 | E:POC/RL:OF/RC:C \nEnvironmental | 5.3 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>\n * <http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit>\n\n### Acknowledgements\n\nThanks to Cisco TALOS for reporting many of these issues to us. The Network Time Foundation credits many researchers for these vulnerabilities; see NTP.org's January 2016 and April 2016 security advisories for the complete list.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2015-7704](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7704>), [CVE-2015-7705](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7705>), [CVE-2015-7973](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7973>), [CVE-2015-7974](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7974>), [CVE-2015-7975](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7975>), [CVE-2015-7976](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7976>), [CVE-2015-7977](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7977>), [CVE-2015-7978](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7978>), [CVE-2015-7979](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-7979>), [CVE-2015-8138](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-8138>), [CVE-2015-8139](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-8139>), [CVE-2015-8140](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-8140>), [CVE-2015-8158](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-8158>), [CVE-2016-1547](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1547>), [CVE-2016-1548](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1548>), [CVE-2016-1549](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1549>), [CVE-2016-1550](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1550>), [CVE-2016-1551](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1551>), [CVE-2016-2516](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-2516>), [CVE-2016-2517](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-2517>), [CVE-2016-2518](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-2518>), [CVE-2016-2519](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-2519>) \n---|--- \n**Date Public:** | 2016-04-26 \n**Date First Published:** | 2016-04-27 \n**Date Last Updated: ** | 2016-04-28 15:15 UTC \n**Document Revision: ** | 49 \n", "modified": "2016-04-28T15:15:00", "published": "2016-04-27T00:00:00", "id": "VU:718152", "href": "https://www.kb.cert.org/vuls/id/718152", "type": "cert", "title": "NTP.org ntpd contains multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:00", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1548", "CVE-2016-2518", "CVE-2015-7703", "CVE-2016-4956", "CVE-2015-8140", "CVE-2016-4955", "CVE-2015-8138", "CVE-2015-7855", "CVE-2016-4953", "CVE-2015-7973", "CVE-2015-7977", "CVE-2016-1550", "CVE-2015-8158", "CVE-2016-2516", "CVE-2015-7704", "CVE-2016-1551", "CVE-2015-7979", "CVE-2016-4954", "CVE-2015-7701", "CVE-2015-7976", "CVE-2015-7848", "CVE-2015-8139", "CVE-2015-7975", "CVE-2015-7692", "CVE-2016-1547", "CVE-2015-7851", "CVE-2015-7702", "CVE-2016-4957", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7849", "CVE-2015-7691", "CVE-2016-2519", "CVE-2016-2517", "CVE-2015-7705", "CVE-2015-7974", "CVE-2015-7850", "CVE-2016-1549", "CVE-2015-7854", "CVE-2015-7978", "CVE-2015-7853"], "description": "### Background\n\nNTP contains software for the Network Time Protocol.\n\n### Description\n\nMultiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.8_p8\"", "edition": 1, "modified": "2016-07-20T00:00:00", "published": "2016-07-20T00:00:00", "id": "GLSA-201607-15", "href": "https://security.gentoo.org/glsa/201607-15", "type": "gentoo", "title": "NTP: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oracle": [{"lastseen": "2019-05-29T18:21:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600", "CVE-2016-5465", "CVE-2015-4000", "CVE-2016-3446", "CVE-2016-3508", "CVE-2016-3547", "CVE-2016-3529", "CVE-2016-5452", "CVE-2016-5445", "CVE-2016-1548", "CVE-2016-2518", "CVE-2016-3485", "CVE-2016-3444", "CVE-2015-1792", "CVE-2014-3566", "CVE-2016-3552", "CVE-2015-0235", "CVE-2016-3615", "CVE-2015-1793", "CVE-2016-3491", "CVE-2016-3553", "CVE-2016-3477", "CVE-2016-3613", "CVE-2016-5477", "CVE-2016-3488", "CVE-2015-3197", "CVE-2016-3592", "CVE-2016-3573", "CVE-2016-3494", "CVE-2016-5466", "CVE-2016-5019", "CVE-2015-3236", "CVE-2016-3544", "CVE-2014-3572", "CVE-2016-0705", "CVE-2016-3545", "CVE-2016-3611", "CVE-2015-7181", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-5455", "CVE-2016-3574", "CVE-2015-8138", "CVE-2016-3500", "CVE-2016-5472", "CVE-2016-4051", "CVE-2016-3445", "CVE-2016-5454", "CVE-2016-3554", "CVE-2016-5458", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-3570", "CVE-2016-3432", "CVE-2016-3515", "CVE-2016-2108", "CVE-2016-5447", "CVE-2016-3474", "CVE-2016-3528", "CVE-2016-5440", "CVE-2016-3580", "CVE-2014-3571", "CVE-2016-5450", "CVE-2016-3496", "CVE-2016-3555", "CVE-2016-3596", "CVE-2016-1938", "CVE-2016-5468", "CVE-2016-3481", "CVE-2016-3563", "CVE-2016-0799", "CVE-2016-3539", "CVE-2016-3507", "CVE-2016-3584", "CVE-2016-3519", "CVE-2016-5460", "CVE-2016-3472", "CVE-2016-3583", "CVE-2016-5471", "CVE-2016-3511", "CVE-2016-3479", "CVE-2016-3499", "CVE-2013-2064", "CVE-2014-0224", "CVE-2016-5467", "CVE-2016-0635", "CVE-2016-3498", "CVE-2016-2105", "CVE-2016-3560", "CVE-2016-3514", "CVE-2016-5453", "CVE-2016-3440", "CVE-2016-4052", "CVE-2015-3194", "CVE-2016-2107", "CVE-2016-3607", "CVE-2016-3556", "CVE-2016-3512", "CVE-2016-3532", "CVE-2015-7501", "CVE-2016-1550", "CVE-2016-3475", "CVE-2015-3253", "CVE-2016-0701", "CVE-2016-3476", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-1182", "CVE-2015-7704", "CVE-2016-3585", "CVE-2016-5444", "CVE-2016-3538", "CVE-2014-8275", "CVE-2016-3452", "CVE-2015-7979", "CVE-2016-3549", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2014-3570", "CVE-2016-5451", "CVE-2015-7575", "CVE-2016-3577", "CVE-2016-3591", "CVE-2016-3567", "CVE-2016-3467", "CVE-2016-3537", "CVE-2016-3593", "CVE-2016-3606", "CVE-2016-5456", "CVE-2016-3468", "CVE-2016-3540", "CVE-2016-2109", "CVE-2016-3559", "CVE-2016-5476", "CVE-2015-2721", "CVE-2016-3530", "CVE-2015-3193", "CVE-2014-9708", "CVE-2016-5473", "CVE-2016-3568", "CVE-2016-3453", "CVE-2016-5464", "CVE-2016-5462", "CVE-2016-3490", "CVE-2016-3572", "CVE-2016-3513", "CVE-2012-3137", "CVE-2015-0228", "CVE-2016-3509", "CVE-2015-3237", "CVE-2016-3565", "CVE-2016-5437", "CVE-2016-3534", "CVE-2016-3503", "CVE-2015-7183", "CVE-2016-3550", "CVE-2015-1788", "CVE-2016-3525", "CVE-2016-3587", "CVE-2016-3561", "CVE-2016-3504", "CVE-2016-3581", "CVE-2016-3501", "CVE-2016-5457", "CVE-2016-1547", "CVE-2015-3183", "CVE-2016-3614", "CVE-2012-3410", "CVE-2016-5461", "CVE-2016-5439", "CVE-2015-0204", "CVE-2016-5449", "CVE-2016-3578", "CVE-2016-3527", "CVE-2016-0800", "CVE-2016-3489", "CVE-2016-3483", "CVE-2016-3433", "CVE-2016-5459", "CVE-2016-1181", "CVE-2016-3450", "CVE-2016-3524", "CVE-2016-5442", "CVE-2016-3564", "CVE-2016-5470", "CVE-2013-2566", "CVE-2016-2176", "CVE-2015-1790", "CVE-2016-3542", "CVE-2016-1978", "CVE-2016-3575", "CVE-2016-3531", "CVE-2016-3502", "CVE-2016-3459", "CVE-2016-5446", "CVE-2016-3480", "CVE-2016-3533", "CVE-2016-5469", "CVE-2016-3526", "CVE-2016-5448", "CVE-2016-3486", "CVE-2016-3448", "CVE-2016-5474", "CVE-2016-5436", "CVE-2016-3523", "CVE-2016-5441", "CVE-2016-5475", "CVE-2016-3576", "CVE-2016-3595", "CVE-2016-3610", "CVE-2016-3458", "CVE-2016-3484", "CVE-2016-3586", "CVE-2016-3520", "CVE-2016-3451", "CVE-2016-3582", "CVE-2015-5300", "CVE-2016-3497", "CVE-2016-3589", "CVE-2016-3517", "CVE-2016-3608", "CVE-2016-3510", "CVE-2016-3493", "CVE-2016-3536", "CVE-2016-3548", "CVE-2016-3506", "CVE-2016-3571", "CVE-2016-3487", "CVE-2016-3546", "CVE-2016-5463", "CVE-2016-3541", "CVE-2016-3081", "CVE-2016-3521", "CVE-2015-0205", "CVE-2016-4053", "CVE-2016-3579", "CVE-2016-5443", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-2106", "CVE-2016-3594", "CVE-2016-3478", "CVE-2016-3522", "CVE-2016-3535", "CVE-2016-3543", "CVE-2016-3612", "CVE-2014-3569", "CVE-2016-3470", "CVE-2016-3518", "CVE-2016-3516", "CVE-2015-1791", "CVE-2016-3569", "CVE-2016-3482", "CVE-2016-3590", "CVE-2015-8104", "CVE-2016-3609", "CVE-2016-3566", "CVE-2016-3469"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using versions 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2016-10-18T00:00:00", "published": "2016-07-19T00:00:00", "id": "ORACLE:CPUJUL2016-2881720", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:16:01", "bulletinFamily": "software", "cvelist": ["CVE-2012-3137", "CVE-2012-3410", "CVE-2013-2064", "CVE-2013-2566", "CVE-2014-0224", "CVE-2014-3566", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2014-9708", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0228", "CVE-2015-0235", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2721", "CVE-2015-2808", "CVE-2015-3183", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-3253", "CVE-2015-4000", "CVE-2015-5300", "CVE-2015-5600", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7501", "CVE-2015-7575", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-8104", "CVE-2015-8138", "CVE-2016-0635", "CVE-2016-0701", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1938", "CVE-2016-1978", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2518", "CVE-2016-3081", "CVE-2016-3424", "CVE-2016-3432", "CVE-2016-3433", "CVE-2016-3440", "CVE-2016-3444", "CVE-2016-3445", "CVE-2016-3446", "CVE-2016-3448", "CVE-2016-3450", "CVE-2016-3451", "CVE-2016-3452", "CVE-2016-3453", "CVE-2016-3458", "CVE-2016-3459", "CVE-2016-3467", "CVE-2016-3468", "CVE-2016-3469", "CVE-2016-3470", "CVE-2016-3471", "CVE-2016-3472", "CVE-2016-3474", "CVE-2016-3475", "CVE-2016-3476", "CVE-2016-3477", "CVE-2016-3478", "CVE-2016-3479", "CVE-2016-3480", "CVE-2016-3481", "CVE-2016-3482", "CVE-2016-3483", "CVE-2016-3484", "CVE-2016-3485", "CVE-2016-3486", "CVE-2016-3487", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3490", "CVE-2016-3491", "CVE-2016-3493", "CVE-2016-3494", "CVE-2016-3496", "CVE-2016-3497", "CVE-2016-3498", "CVE-2016-3499", "CVE-2016-3500", "CVE-2016-3501", "CVE-2016-3502", "CVE-2016-3503", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3507", "CVE-2016-3508", "CVE-2016-3509", "CVE-2016-3510", "CVE-2016-3511", "CVE-2016-3512", "CVE-2016-3513", "CVE-2016-3514", "CVE-2016-3515", "CVE-2016-3516", "CVE-2016-3517", "CVE-2016-3518", "CVE-2016-3519", "CVE-2016-3520", "CVE-2016-3521", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3526", "CVE-2016-3527", "CVE-2016-3528", "CVE-2016-3529", "CVE-2016-3530", "CVE-2016-3531", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3537", "CVE-2016-3538", "CVE-2016-3539", "CVE-2016-3540", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3544", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3553", "CVE-2016-3554", "CVE-2016-3555", "CVE-2016-3556", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-3559", "CVE-2016-3560", "CVE-2016-3561", "CVE-2016-3563", "CVE-2016-3564", "CVE-2016-3565", "CVE-2016-3566", "CVE-2016-3567", "CVE-2016-3568", "CVE-2016-3569", "CVE-2016-3570", "CVE-2016-3571", "CVE-2016-3572", "CVE-2016-3573", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3584", "CVE-2016-3585", "CVE-2016-3586", "CVE-2016-3587", "CVE-2016-3588", "CVE-2016-3589", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3607", "CVE-2016-3608", "CVE-2016-3609", "CVE-2016-3610", "CVE-2016-3611", "CVE-2016-3612", "CVE-2016-3613", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-4051", "CVE-2016-4052", "CVE-2016-4053", "CVE-2016-5019", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-5445", "CVE-2016-5446", "CVE-2016-5447", "CVE-2016-5448", "CVE-2016-5449", "CVE-2016-5450", "CVE-2016-5451", "CVE-2016-5452", "CVE-2016-5453", "CVE-2016-5454", "CVE-2016-5455", "CVE-2016-5456", "CVE-2016-5457", "CVE-2016-5458", "CVE-2016-5459", "CVE-2016-5460", "CVE-2016-5461", "CVE-2016-5462", "CVE-2016-5463", "CVE-2016-5464", "CVE-2016-5465", "CVE-2016-5466", "CVE-2016-5467", "CVE-2016-5468", "CVE-2016-5469", "CVE-2016-5470", "CVE-2016-5471", "CVE-2016-5472", "CVE-2016-5473", "CVE-2016-5474", "CVE-2016-5475", "CVE-2016-5476", "CVE-2016-5477"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2016-10-18T00:00:00", "published": "2016-07-19T00:00:00", "id": "ORACLE:CPUJUL2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}