Lucene search

Veracode Vulnerability DatabaseVERACODE:16999

HistoryMay 02, 2019 - 5:34 a.m.

Denial Of Service (DoS)

2019-05-0205:34:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

ntp is vulnerable to denial of service (DoS). The vulnerability exists through a spoofed packet from a legitimate ntpd server.

CPENameOperatorVersion
ntpeq4.2.6p5__1.el6
ntpeq4.2.4p8__3.el6
ntpeq4.2.6p5__2.el6_5
ntpeq4.2.6p5__2.el6_6
ntpeq4.2.6p5__5.el6
ntpeq4.2.4p8__2.el6
ntpeq4.2.6p5__5.el6_7.2
ntpeq4.2.6p5__5.el6_7.4
ntpeq4.2.6p5__3.el6_6
ntpeq4.2.6p5__1.el6

Name	Operator	Version
ntp	eq	4.2.6p5__1.el6
ntp	eq	4.2.4p8__3.el6
ntp	eq	4.2.6p5__2.el6_5
ntp	eq	4.2.6p5__2.el6_6
ntp	eq	4.2.6p5__5.el6
ntp	eq	4.2.4p8__2.el6
ntp	eq	4.2.6p5__5.el6_7.2
ntp	eq	4.2.6p5__5.el6_7.4
ntp	eq	4.2.6p5__3.el6_6
ntp	eq	4.2.6p5__1.el6

Rows per page:

1-10 of 181

References

lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html

lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html

rhn.redhat.com/errata/RHSA-2016-1552.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

www.debian.org/security/2016/dsa-3629

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/archive/1/538233/100/0/threaded

www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded

www.securityfocus.com/bid/88264

www.securitytracker.com/id/1035705

www.talosintelligence.com/reports/TALOS-2016-0082/

www.ubuntu.com/usn/USN-3096-1

access.redhat.com/errata/RHSA-2016:1141

access.redhat.com/security/updates/classification/#moderate

cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

security.gentoo.org/glsa/201607-15

security.netapp.com/advisory/ntap-20171004-0002/

us-cert.cisa.gov/ics/advisories/icsa-21-103-11

us-cert.cisa.gov/ics/advisories/icsa-21-159-11

www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

www.debian.org/security/2016/dsa-3629

www.kb.cert.org/vuls/id/718152

www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

Denial Of Service (DoS)

References

Related