ID

VAR-200912-0769


CVE

CVE-2009-3563


TITLE

NTP mode 7 denial-of-service vulnerability

Trust: 0.8

sources: CERT/CC: VU#568372

DESCRIPTION

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. NTP for, mode 7 A vulnerability exists due to packet processing. NTP Then "restrict ... noquery" or "restrict ... ignore" There are no restrictions due to the settings of IP From the address, an invalid mode 7 request or mode 7 If you receive an error response, mode 7 Returns and logs the error message. NTP The sender address was spoofed. mode 7 A vulnerability exists due to packet processing.Service operation obstruction by a remote third party (DoS) You may be attacked. NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets. An attacker can exploit this issue to cause the application to consume excessive CPU resources and fill disk space with log messages. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 7377623e9f89c5f6f6cc7af577974458 2008.0/i586/ntp-4.2.4-10.3mdv2008.0.i586.rpm 977fdaf289c9eff53fb6d563b8a60ede 2008.0/i586/ntp-client-4.2.4-10.3mdv2008.0.i586.rpm e2701dc192a578b141f9408d355522b6 2008.0/i586/ntp-doc-4.2.4-10.3mdv2008.0.i586.rpm 167e3a9dbf1bd10fd576e6a91a2cbc10 2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 4fa28ef04548ded3dc604ea61a671cc5 2008.0/x86_64/ntp-4.2.4-10.3mdv2008.0.x86_64.rpm b79353be7c2da1fadf3bc55c2c06a6a6 2008.0/x86_64/ntp-client-4.2.4-10.3mdv2008.0.x86_64.rpm c93dd45fc32ece044874c09aac85ce66 2008.0/x86_64/ntp-doc-4.2.4-10.3mdv2008.0.x86_64.rpm 167e3a9dbf1bd10fd576e6a91a2cbc10 2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm Mandriva Linux 2009.0: 6a38837b845970b62520f48273362485 2009.0/i586/ntp-4.2.4-18.5mdv2009.0.i586.rpm 4f9d98a186c4ca4348f8296fde0bf174 2009.0/i586/ntp-client-4.2.4-18.5mdv2009.0.i586.rpm 0ae26de5f1bddba4c2718a55463d94b7 2009.0/i586/ntp-doc-4.2.4-18.5mdv2009.0.i586.rpm 45b55bdbde84289b20e295b9dbf188fb 2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: e31f3f71e730e5777d9832cd76430b17 2009.0/x86_64/ntp-4.2.4-18.5mdv2009.0.x86_64.rpm 67a998da616d287fe9e15092bbd45ff6 2009.0/x86_64/ntp-client-4.2.4-18.5mdv2009.0.x86_64.rpm ab02dd7a3457f0ba75248390827c69a4 2009.0/x86_64/ntp-doc-4.2.4-18.5mdv2009.0.x86_64.rpm 45b55bdbde84289b20e295b9dbf188fb 2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm Mandriva Linux 2009.1: b6597f0ee96ec99c7ddbe5e18a588e48 2009.1/i586/ntp-4.2.4-22.3mdv2009.1.i586.rpm 069667f851886c39daa0309a5e920619 2009.1/i586/ntp-client-4.2.4-22.3mdv2009.1.i586.rpm 9d5b87f008f00ad30b3c652e5f62eea2 2009.1/i586/ntp-doc-4.2.4-22.3mdv2009.1.i586.rpm e2686dd1237f529bb08f2837052fb46f 2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: e88121b38c942c572b61ba7631130104 2009.1/x86_64/ntp-4.2.4-22.3mdv2009.1.x86_64.rpm c10eaf7ecbeb3b5db5eac978cb2ae78e 2009.1/x86_64/ntp-client-4.2.4-22.3mdv2009.1.x86_64.rpm 8ff34e79ed1f88fa2e7b7e8030232a30 2009.1/x86_64/ntp-doc-4.2.4-22.3mdv2009.1.x86_64.rpm e2686dd1237f529bb08f2837052fb46f 2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm Mandriva Linux 2010.0: 2913258a9be65654a3ce5e16c1bd5b25 2010.0/i586/ntp-4.2.4-27.1mdv2010.0.i586.rpm 90cf8d7f8fb468461f8b8baf7d97daa4 2010.0/i586/ntp-client-4.2.4-27.1mdv2010.0.i586.rpm 0b8527559ef05049461cea2f5a83bd6d 2010.0/i586/ntp-doc-4.2.4-27.1mdv2010.0.i586.rpm 7bbd4271086ace434dd8a958bc7c2488 2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 2e938e58d48f3f581ffaab085dacc1f2 2010.0/x86_64/ntp-4.2.4-27.1mdv2010.0.x86_64.rpm cde3421867c549169751f2964420a578 2010.0/x86_64/ntp-client-4.2.4-27.1mdv2010.0.x86_64.rpm d9799e7286a49420699d3995e8bc1e47 2010.0/x86_64/ntp-doc-4.2.4-27.1mdv2010.0.x86_64.rpm 7bbd4271086ace434dd8a958bc7c2488 2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm Corporate 3.0: 65dda36544e7a43175abfd64aa725b34 corporate/3.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm a485cad0631598335af0e89ea399ff9d corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm Corporate 3.0/X86_64: 44130a38552f20b3f34d176c47aa5aab corporate/3.0/x86_64/ntp-4.2.0-2.4.C30mdk.x86_64.rpm a485cad0631598335af0e89ea399ff9d corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm Corporate 4.0: a2f5a598865d390f7c537fc9e1a9a758 corporate/4.0/i586/ntp-4.2.0-21.7.20060mlcs4.i586.rpm f7eb3884bc0aa71f8237d9500d24489e corporate/4.0/i586/ntp-client-4.2.0-21.7.20060mlcs4.i586.rpm d2ed46d981570f66763f85c822b14179 corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 1bd4395c9c80b583bad4ce5085c0d557 corporate/4.0/x86_64/ntp-4.2.0-21.7.20060mlcs4.x86_64.rpm 95f812f672cf79fccee411154c23d6ee corporate/4.0/x86_64/ntp-client-4.2.0-21.7.20060mlcs4.x86_64.rpm d2ed46d981570f66763f85c822b14179 corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 16e3975f3e4bb9a830eb1e8166f2fec7 mes5/i586/ntp-4.2.4-18.5mdvmes5.i586.rpm 2af9623d6f3685d54dd4db31f9622f7a mes5/i586/ntp-client-4.2.4-18.5mdvmes5.i586.rpm 5abb771d456b4094d123c5cf24701aee mes5/i586/ntp-doc-4.2.4-18.5mdvmes5.i586.rpm 086a05988392a6602c023f4e453bcc32 mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 9b40b186bf9ebeb70c1350f9a158ac92 mes5/x86_64/ntp-4.2.4-18.5mdvmes5.x86_64.rpm f4a42229dc9b408b04f0c83aa3a25720 mes5/x86_64/ntp-client-4.2.4-18.5mdvmes5.x86_64.rpm 2022447e5d9dbf6ee1a6e594935b1d04 mes5/x86_64/ntp-doc-4.2.4-18.5mdvmes5.x86_64.rpm 086a05988392a6602c023f4e453bcc32 mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm Multi Network Firewall 2.0: 56a2596fd513295f0700508c08a6a3da mnf/2.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm f8218643f02c3168e0331852630835a0 mnf/2.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHtsAmqjQ0CJFipgRAi1pAKDUH87qI312n3XHGnl4TgVNC+IuvACbBhUw nLO5FqSyfvZaqSNZ93vTSUw= =XCg1 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0004 Synopsis: ESX Service Console and vMA third party updates Issue date: 2010-03-03 Updated on: 2010-03-03 (initial release of advisory) CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-0590 CVE-2009-4022 CVE-2009-3560 CVE-2009-3720 CVE-2009-2904 CVE-2009-3563 CVE-2009-2695 CVE-2009-2849 CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2008-3916 CVE-2009-1189 CVE-2009-0115 - ------------------------------------------------------------------------ 1. Summary ESX Service Console updates for newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages. 2. Relevant releases VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG, ESX400-201002406-SG VMware vMA 4.0 before patch 3 3. Problem Description a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1 Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201002406-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. vMA and Service Console update for vMA package nfs-utils to 1.0.9-42.el5 The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4552 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201002407-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1 GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either from or to a base64 representation. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4316 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201002404-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. d. vMA and Service Console update for openssl to 0.9.8e-12.el5 SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full- strength cryptography world-wide. Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues. An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially-crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0590 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1 It was discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4022 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially- crafted XML file could cause applications using Expat to fail while parsing the file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-3560 and CVE-2009-3720 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2 A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2904 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. h. vMA and Service Console package ntp updated to ntp-4.2.2p1-9.el5_4.1.i386.rpm A flaw was discovered in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. i. vMA update for package kernel to 2.6.18-164.9.1.el5 Updated vMA package kernel addresses the security issues listed below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2849 to the security issue fixed in kernel 2.6.18-128.2.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-128.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-128.9.1 The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** vMA is updated to kernel version 2.6.18-164.9.1 j. vMA 4.0 updates for the packages kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to 095-14.20.el5 device-mapper-multipath package updated to 0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5, and ed package updated to 0.2-39.el5_2. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3916, CVE-2009-1189 and CVE-2009-0115 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732 240/ESX400-201002001.zip md5sum: de62cbccaffa4b2b6831617f18c1ccb4 sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab http://kb.vmware.com/kb/1018403 Note: ESX400-201002001 contains the following security bulletins ESX400-201002404-SG, ESX400-201002407-SG, and ESX400-201002406-SG. To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX400-201002001.zip -b ESX400-201002404-SG \ -b ESX400-201002407-SG -b ESX400-201002406-SG update vMA 4.0 ------- To update VIMA 1 Log in to VIMA as vi-admin. 2 type 'sudo /usr/sbin/vima-update update' this will apply all currently available updates. See http://tinyurl.com/yfekgrx for more information. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 - ------------------------------------------------------------------------ 6. Change log 2010-03-03 VMSA-2010-0004 Initial security advisory after release of bulletins for ESX 4.0 on 2010-03-03 and release of vMA Patch 3 on 2010-02-25. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFLj1c6S2KysvBH1xkRAnl5AJ9RcHVB7qooSwOPFdVoDFTjohDypgCfZ44O 2z0ICIcntM88ZONMfDNUM6Y= =14fN -----END PGP SIGNATURE----- . For the oldstable distribution (etch), this problem has been fixed in version 1:4.2.2.p4+dfsg-2etch4. For the stable distribution (lenny), this problem has been fixed in version 1:4.2.4p4+dfsg-8lenny3. For the testing (squeeze) and unstable (sid) distribution, this problem will be fixed soon. We recommend that you upgrade your ntp packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc Size/MD5 checksum: 906 115e93f010e32aa1c90231461487503a http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz Size/MD5 checksum: 2199764 ad746cda2d90dbb9ed06fe164273c5d0 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz Size/MD5 checksum: 182632 80aa236bd0a39096c5e5d462c0b9b279 Architecture independent packages: http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb Size/MD5 checksum: 28596 df605f89c08a01116c2ff799777f6a2c http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb Size/MD5 checksum: 28594 0c683ac7e7f5b131515f956aed87de3d http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb Size/MD5 checksum: 912886 1af5a623cbf5f145f34dab7beefcd183 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb Size/MD5 checksum: 408070 ca33235c58a26ad1a839084b4f2d385c http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb Size/MD5 checksum: 65056 e527eb4c93d427c025374805fb5288cb amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb Size/MD5 checksum: 62258 13a4f4faaf699913e421c093e598f2a9 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb Size/MD5 checksum: 359384 1a289aa1f8439e2ef736cbf29bbe140f arm architecture (ARM) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb Size/MD5 checksum: 59784 8a84cae4e8f643cbd3ed684e5a7eb0ff http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb Size/MD5 checksum: 344316 57066e8abfdf51c36d63600c993f3c20 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb Size/MD5 checksum: 372448 0b8f9b90bb03a2f572066fe8b47c7202 http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb Size/MD5 checksum: 62160 88dc964fa357187ddc97d37513a863ba i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb Size/MD5 checksum: 58316 90fc92e7a8f6582ee21076849ae0dfba http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb Size/MD5 checksum: 333772 e5fbae24686d444fff118f3ce9cc45db ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb Size/MD5 checksum: 523358 0032e3c9bcb4a27a312a47fb95d1f9a1 http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb Size/MD5 checksum: 74712 72c1b601f4beb41c6c04a54534ba9c51 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb Size/MD5 checksum: 382868 2980d63a9ca6344e6a76698d0e808f8c http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb Size/MD5 checksum: 63610 d523930b9b98d6353bf4e6fb7d7e57f5 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb Size/MD5 checksum: 64134 e4042de5af081701911a7cece69c6cce http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb Size/MD5 checksum: 390142 b50dc2bd5970f224b6994c460f8f560a powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb Size/MD5 checksum: 358860 432b58ad621ac266455f7e5124d2eb1c http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb Size/MD5 checksum: 61760 2c9dd1b3a8d61bece4f420e533b7a6eb s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb Size/MD5 checksum: 350300 40a28748d5016101c179bd4a22c08390 http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb Size/MD5 checksum: 61242 14c08344bfd0561ced0d54aa2cd23a2e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb Size/MD5 checksum: 58584 0e573ef22b1514b12e01fa6ac2bb1ddb http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb Size/MD5 checksum: 332284 4589ff44bc97ad73513d8ba5419c7845 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc Size/MD5 checksum: 1459 81e70fe84f27e3bfabdbfb9f3122492b http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5 checksum: 2835029 dc2b3ac9cc04b0f29df35467514c9884 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz Size/MD5 checksum: 300928 b568f39eda3e46f27239ad44021f968c Architecture independent packages: http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb Size/MD5 checksum: 927658 8db03976b7b105057ead2da4bae09219 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb Size/MD5 checksum: 66706 9213dcba9a99fa363f0ce48c514a008b http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb Size/MD5 checksum: 538492 de37b288ef933f34446ab78a8d8ed76b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb Size/MD5 checksum: 63836 a0b5b030abe6a6c32591366febcec1d1 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb Size/MD5 checksum: 479472 277efe45a76a24da6ca14ae581d0a3a2 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb Size/MD5 checksum: 61220 d4905eea52795330e517acca903059f4 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb Size/MD5 checksum: 448164 cc28e545eb359eba225abfcb02cc4377 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb Size/MD5 checksum: 62794 e5a43b8076a77643cc742348f0e63de1 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb Size/MD5 checksum: 458908 3721b8d7b7a67b31db6249521dd9f015 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb Size/MD5 checksum: 63872 53a7009f1888c06b162c258a9bb5d6fb http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb Size/MD5 checksum: 485744 b8e950ba02a13ecacfe332db56c0c887 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb Size/MD5 checksum: 434672 6ccfb060f39cc56f39ef8806865b767d http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb Size/MD5 checksum: 60114 2f0914ae2191ddf3f74529bc896299da ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb Size/MD5 checksum: 707812 eb960c732894d56589ba62d76c5ba568 http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb Size/MD5 checksum: 76366 6b5b986e454276661e8b483f095bd16e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb Size/MD5 checksum: 64116 ab287c70d2c2daf7b1a8808db8dcedc9 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb Size/MD5 checksum: 490394 0009cb5333123767dc3afcde682d9e10 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb Size/MD5 checksum: 500786 3b842b738e616f301c31cd025c595235 http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb Size/MD5 checksum: 64776 fd31cdaa7a78d7e3fa072b746dd98e01 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb Size/MD5 checksum: 490620 21d03b435c327c2884fe587a56fe10fb http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb Size/MD5 checksum: 65470 6966f71002ae63c104e608af1a7daa3a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb Size/MD5 checksum: 63678 4b143ad2444681bdb1ee44d395996a29 http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb Size/MD5 checksum: 474000 6fb44a33381b0d582599eb33896d8f0f These files will probably be moved into the stable distribution on its next update. Product/Patch kit ITRC Download Location MD5 and SHA1 Checksum HP Tru64 UNIX v 5.1B-4 PK6 (BL27) T64KIT1001787-V51BB27-ES-20100817 http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001787-V51BB27-ES-20100817 MD5 results: 2b3a21a96b7855d9ca223f483bd5bfed SHA1 results: ac2221c9d025008b258ac8592a210e16e775fbcf HP Tru64 UNIX v 5.1B-5 PK7 (BL28) T64KIT1001786-V51BB28-ES-20100816 http://www13.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001786-V51BB28-ES-20100816 MD5 results: b34d028797577408d565da27d93c30a9 SHA1 results: b34d028797577408d565da27d93c30a9 Note: The patch kit installation instructions and the Patch Summary and Release Notes documents provide patch kit installation and removal instructions and a summary of each patch. Please read these documents prior to installing patches. =========================================================== Ubuntu Security Notice USN-867-1 December 08, 2009 ntp vulnerability CVE-2009-3563 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: ntp 1:4.2.0a+stable-8.1ubuntu6.3 ntp-server 1:4.2.0a+stable-8.1ubuntu6.3 Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.3 Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.4 Ubuntu 9.04: ntp 1:4.2.4p4+dfsg-7ubuntu5.2 Ubuntu 9.10: ntp 1:4.2.4p6+dfsg-1ubuntu5.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. HP TCP/IP Services for OpenVMS v5.4, v5.5, v5.6, and v5.7 (only affected by CVE-2009-3563) on Itanium and Alpha platforms. Patch kit installation instructions are provided in the file readme.txt . ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. NOTE: ESX does not use the BIND name service daemon by default. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) CVE Name: CVE-2009-3563 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. II. III. IV. Workaround Proper filtering of mode 7 NTP packets by a firewall can limit the number of systems used to attack your resources. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/ntp/ntpd # make obj && make depend && make && make install # /etc/rc.d/ntpd restart VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.13 src/sys/conf/newvers.sh 1.69.2.18.2.15 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.20 src/sys/conf/newvers.sh 1.69.2.15.2.19 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 RELENG_7 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 RELENG_7_2 src/UPDATING 1.507.2.23.2.9 src/sys/conf/newvers.sh 1.72.2.11.2.10 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.13 src/sys/conf/newvers.sh 1.72.2.9.2.14 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 RELENG_8 src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.5 src/sys/conf/newvers.sh 1.83.2.6.2.5 src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r201679 releng/6.4/ r201679 releng/6.3/ r201679 stable/7/ r201679 releng/7.2/ r201679 releng/7.1/ r201679 stable/8/ r201679 releng/8.0/ r201679 head/ r200576 - ------------------------------------------------------------------------- VII. Release Date: 2011-03-28 Last Updated: 2011-03-24 ------------------------------------------------------------------------------ Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS). References: CVE-2009-3563 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running XNTP. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3563 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following patches to resolve this vulnerability. The patches are available by contacting HP Support. http://itrc.hp.com HP-UX Release / Patch ID B.11.11 (11i v1) / PHNE_41907 B.11.23 (11i v2) / PHNE_41908 B.11.31 (11i v3) / PHNE_41177 MANUAL ACTIONS: No PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== InternetSrvcs.INETSVCS-BOOT action: install patch PHNE_41907 or subsequent HP-UX B.11.23 ================== InternetSrvcs.INETSVCS2-BOOT action: install patch PHNE_41908 or subsequent HP-UX B.11.31 ================== NTP.NTP-RUN action: install patch PHNE_41177 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 28 March 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7-r1" References ========== [ 1 ] CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201001-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . The upgrade is available by downloading from software.hp.com -> HPUX 11i Software -> Internet ready and networking -> HP-UX Network Time Protocol version 4 or directly from https://h20392.www2.hp.com/portal/swdepot/displayP roductInfo.do?productNumber=HPUX-NTP Review the Installation link at the bottom of the page. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com

Trust: 3.69

sources: NVD: CVE-2009-3563 // CERT/CC: VU#568372 // JVNDB: JVNDB-2009-002446 // BID: 37255 // VULMON: CVE-2009-3563 // PACKETSTORM: 83621 // PACKETSTORM: 86900 // PACKETSTORM: 83586 // PACKETSTORM: 94512 // PACKETSTORM: 83609 // PACKETSTORM: 105299 // PACKETSTORM: 90046 // PACKETSTORM: 84917 // PACKETSTORM: 99964 // PACKETSTORM: 84704 // PACKETSTORM: 121285

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications manager 5.1scope: - version: -

Trust: 2.1

vendor:ntpmodel:ntpscope:eqversion:4.1.2

Trust: 1.9

vendor:ntpmodel:ntpscope:eqversion:4.2.2p2

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.91

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.2.2p3

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.93

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.2.2p1

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.73

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.92

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.90

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.94

Trust: 1.6

vendor:ntpmodel:ntpscope:lteversion:4.2.2p4

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.2

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.72

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.96

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.97

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.5

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.1.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.98

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.95

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.99

Trust: 1.0

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:meinberg funkuhrenmodel: - scope: - version: -

Trust: 0.8

vendor:qnxmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:the sco groupmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:オラクルmodel:sparcscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:sun solarisscope: - version: -

Trust: 0.8

vendor:ibmmodel:aixscope: - version: -

Trust: 0.8

vendor:サイバートラスト株式会社model:asianux serverscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope: - version: -

Trust: 0.8

vendor:日本電気model:securebranchscope: - version: -

Trust: 0.8

vendor:ntpmodel:ntpscope: - version: -

Trust: 0.8

vendor:ヒューレット パッカードmodel:hp tru64 unixscope: - version: -

Trust: 0.8

vendor:富士通model:netshelterシリーズscope: - version: -

Trust: 0.8

vendor:日本電気model:ip8800/s,/rscope: - version: -

Trust: 0.8

vendor:富士通model:ipcomシリーズscope: - version: -

Trust: 0.8

vendor:オラクルmodel:netra sparcscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linux desktopscope: - version: -

Trust: 0.8

vendor:ヒューレット パッカードmodel:hp-uxscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linux eusscope: - version: -

Trust: 0.8

vendor:サン マイクロシステムズmodel:opensolarisscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications manager su1scope:eqversion:6.1

Trust: 0.6

vendor:ciscomodel:unified callmanager 4.3 sr1ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 131scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified meetingplace expressscope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-release-p2scope:eqversion:7.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 54scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.4

Trust: 0.3

vendor:nortelmodel:networks enterprise voip tm-cs1000scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.3

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.3

Trust: 0.3

vendor:ciscomodel:ace appliancescope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 121scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4.5

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.7

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:15.0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.3.2

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr5scope: - version: -

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.6.1

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr2ascope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 124scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 123scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.0

Trust: 0.3

vendor:f5model:big-ip buildscope:eqversion:9.2413.1

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 49scope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.17

Trust: 0.3

vendor:sunmodel:opensolaris build snv 114scope: - version: -

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 128scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:70000

Trust: 0.3

vendor:sunmodel:opensolaris build snv 107scope: - version: -

Trust: 0.3

vendor:ciscomodel:wireless location appliancescope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unified communicationsscope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:14.1

Trust: 0.3

vendor:vmwaremodel:vmascope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 108scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtosscope:neversion:6.4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 28scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.8

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2

Trust: 0.3

vendor:ciscomodel:unified callmanager sr5cscope:eqversion:4.1

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4.3

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr2bscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:freebsdmodel:6.3-release-p10scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:1.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4.6

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:avayamodel:message networking mnscope:eqversion:3.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:freebsdmodel:-release-p8scope:eqversion:6.3

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:14.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.0scope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:4.3

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:6.3-release-p11scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 120scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 51scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.2-rc2scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.6

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:5.1(3)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.0(1)

Trust: 0.3

vendor:freebsdmodel:7.0-release-p12scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr8ascope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.1

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.3 sr1scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platform sp1.1scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.2.1

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:1.0

Trust: 0.3

vendor:freebsdmodel:7.1-release-p4scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-stablescope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 41scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.5

Trust: 0.3

vendor:ciscomodel:ace xml gatewayscope:eqversion:0

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 126scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.2-release-p4scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:3.5

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:5.0.1

Trust: 0.3

vendor:freebsdmodel:7.1-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p8scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 35scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.6

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.0(2)

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(4)

Trust: 0.3

vendor:junipermodel:ctpos 6.6r2scope:neversion: -

Trust: 0.3

vendor:avayamodel:intuity audix lx sp2scope:eqversion:2.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr3scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.5

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 130scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.1-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 6.1scope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-pre-releasescope:eqversion:7.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.19

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr4scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:5.1(2)

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:4.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:freebsdmodel:8.0-releasescope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.1 su1scope: - version: -

Trust: 0.3

vendor:sunmodel:sparc t3-1bscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(3)

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:16.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 118scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.2-prereleasescope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:8.1

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.18

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 112scope: - version: -

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:sunmodel:sparc t3-2scope:eqversion:0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:7.2-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(3)

Trust: 0.3

vendor:ntpmodel:p8scope:neversion:4.2.4

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.4

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.7

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:freebsdmodel:-release-p9scope:eqversion:6.3

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:1

Trust: 0.3

vendor:sunmodel:netra sparc t3-1bscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(4)

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-release-p3scope:eqversion:6.4

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 132scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 48scope: - version: -

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:freebsdmodel:-release-p1scope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.4

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.3 sr1bscope: - version: -

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr7scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p6scope:eqversion:6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtos update patch ascope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.2 sr4bscope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.0-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:7.1-release-p6scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.1

Trust: 0.3

vendor:freebsdmodel:-release-p9scope:eqversion:7.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:wide area application services 4.1.1bscope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager sr4scope:eqversion:4.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.1

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.9

Trust: 0.3

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.1.1

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:4.25

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:6.4-release-p2scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 125scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.4

Trust: 0.3

vendor:ciscomodel:telepresence readiness assessment managerscope:eqversion:1.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.9

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.3.1

Trust: 0.3

vendor:junipermodel:idp 5.1r4scope:neversion: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:3.1

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20080

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:6.4-release-p4scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.1(2)

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0

Trust: 0.3

vendor:freebsdmodel:7.0-releasescope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 113scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unified communication manager business editionscope:eqversion:0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.0.x

Trust: 0.3

vendor:ciscomodel:meetingplacescope: - version: -

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 119scope: - version: -

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.13

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 110scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.2 sr2scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 71scope: - version: -

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.8

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:sunmodel:sparc t3-4scope:eqversion:0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.4.1

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:4.3(2)

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.3 sr1scope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence recording serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0 su1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr8scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.3

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 122scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.6

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.6

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 109scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.5

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:digital media playerscope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:sunmodel:solaris 9 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager sr5bscope:eqversion:4.1

Trust: 0.3

vendor:freebsdmodel:6.0-relengscope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.2

Trust: 0.3

vendor:ntpmodel:4.2.0.ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.3

vendor:ciscomodel:ip interoperability & communications system ipicsscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:sunmodel:netra sparc t3-1scope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 56scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 38scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:ciscomodel:unified communications manager sr2bscope:eqversion:4.2

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:sunmodel:sparc t3-1scope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 129scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtos sp3scope:eqversion:6.3.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.0

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(2)

Trust: 0.3

vendor:avayamodel:intuity audix lx r1.1scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:freebsdmodel:beta4scope:eqversion:7.0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:2.4

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.4

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:1.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.3.30

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.7

Trust: 0.3

vendor:freebsdmodel:7.2-release-p1scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:intuity audix lx sp1scope:eqversion:2.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:avayamodel:messaging storage server mm3.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ace application control enginescope:eqversion:47000

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 98scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 117scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 133scope:neversion: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 58scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:50000

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0

Trust: 0.3

vendor:junipermodel:ctpos 6.6r1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:5.1(1)

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p11scope: - version: -

Trust: 0.3

vendor:netbsdmodel:beta2scope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.3 sr.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(1)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(1)

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.0 su1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(2)

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 37scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager sr3scope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 115scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.3

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unified meetingplacescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.7

Trust: 0.3

vendor:sunmodel:opensolaris build snv 116scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 127scope: - version: -

Trust: 0.3

vendor:junipermodel:idpscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:6.4-relengscope: - version: -

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.2 sr1scope: - version: -

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:6.4-release-p5scope: - version: -

Trust: 0.3

sources: CERT/CC: VU#568372 // BID: 37255 // JVNDB: JVNDB-2009-002446 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3563
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3563
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200912-113
value: MEDIUM

Trust: 0.6

VULMON: CVE-2009-3563
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3563
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2009-3563 // JVNDB: JVNDB-2009-002446 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:design issues (CWE-DesignError) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2009-002446 // NVD: CVE-2009-3563

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 83621 // PACKETSTORM: 83609 // CNNVD: CNNVD-200912-113

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200912-113

PATCH

title:NV10-001 Fujitsu Fujitsu   Security informationurl:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4958

Trust: 0.8

title:Debian CVElist Bug Report Logs: ntp: CVE-2009-3563 DoS through mode 7 packetsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=6af87915827741e9268f059d7932cd80

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-867-1

Trust: 0.1

title:Debian Security Advisories: DSA-1948-1 ntp -- denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dccc5b29483e1b8bed9fa984fc8c8c6e

Trust: 0.1

title:Cisco: Network Time Protocol Package Remote Message Loop Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20091208-CVE-2009-3563

Trust: 0.1

title:Debian Security Advisories: DSA-1992-1 chrony -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0329811e8a24491e35ce229b8b52259d

Trust: 0.1

title:VMware Security Advisories: ESX Service Console and vMA third party updatesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=5f45ebecc93cf53cc0b45af03208cba6

Trust: 0.1

title:VMware Security Advisories: ESXi utilities and ESX Service Console third party updatesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=9ca0d654a28a118d1f99d0ae3b1753e8

Trust: 0.1

sources: VULMON: CVE-2009-3563 // JVNDB: JVNDB-2009-002446

EXTERNAL IDS

db:NVDid:CVE-2009-3563

Trust: 5.5

db:CERT/CCid:VU#568372

Trust: 3.7

db:BIDid:37255

Trust: 2.8

db:SECTRACKid:1023298

Trust: 2.5

db:VUPENid:ADV-2010-0510

Trust: 1.9

db:SECUNIAid:38764

Trust: 1.9

db:CERT/CCid:VU#417980

Trust: 1.8

db:VUPENid:ADV-2010-0528

Trust: 1.1

db:VUPENid:ADV-2010-0993

Trust: 1.1

db:SECUNIAid:37922

Trust: 1.1

db:SECUNIAid:37629

Trust: 1.1

db:SECUNIAid:38832

Trust: 1.1

db:SECUNIAid:38834

Trust: 1.1

db:SECUNIAid:39593

Trust: 1.1

db:SECUNIAid:38794

Trust: 1.1

db:JUNIPERid:JSA10673

Trust: 1.1

db:JUNIPERid:JSA10691

Trust: 1.1

db:JVNid:JVNVU93188600

Trust: 0.8

db:JVNDBid:JVNDB-2009-002446

Trust: 0.8

db:FEDORAid:FEDORA-2009-13090

Trust: 0.6

db:FEDORAid:FEDORA-2009-13121

Trust: 0.6

db:REDHATid:RHSA-2010:0095

Trust: 0.6

db:REDHATid:RHSA-2009:1651

Trust: 0.6

db:REDHATid:RHSA-2009:1648

Trust: 0.6

db:DEBIANid:DSA-1948

Trust: 0.6

db:CNNVDid:CNNVD-200912-113

Trust: 0.6

db:VULMONid:CVE-2009-3563

Trust: 0.1

db:PACKETSTORMid:83621

Trust: 0.1

db:PACKETSTORMid:86900

Trust: 0.1

db:PACKETSTORMid:83586

Trust: 0.1

db:PACKETSTORMid:94512

Trust: 0.1

db:PACKETSTORMid:83609

Trust: 0.1

db:PACKETSTORMid:105299

Trust: 0.1

db:PACKETSTORMid:90046

Trust: 0.1

db:PACKETSTORMid:84917

Trust: 0.1

db:PACKETSTORMid:99964

Trust: 0.1

db:PACKETSTORMid:84704

Trust: 0.1

db:PACKETSTORMid:121285

Trust: 0.1

sources: CERT/CC: VU#568372 // VULMON: CVE-2009-3563 // BID: 37255 // JVNDB: JVNDB-2009-002446 // PACKETSTORM: 83621 // PACKETSTORM: 86900 // PACKETSTORM: 83586 // PACKETSTORM: 94512 // PACKETSTORM: 83609 // PACKETSTORM: 105299 // PACKETSTORM: 90046 // PACKETSTORM: 84917 // PACKETSTORM: 99964 // PACKETSTORM: 84704 // PACKETSTORM: 121285 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

REFERENCES

url:http://www.kb.cert.org/vuls/id/568372

Trust: 3.0

url:http://security-tracker.debian.org/tracker/cve-2009-3563

Trust: 2.5

url:http://securitytracker.com/id?1023298

Trust: 2.5

url:http://www.securityfocus.com/bid/37255

Trust: 2.5

url:https://support.ntp.org/bugs/show_bug.cgi?id=1331

Trust: 2.3

url:http://www.vupen.com/english/advisories/2010/0510

Trust: 1.9

url:http://secunia.com/advisories/38764

Trust: 1.9

url:http://support.ntp.org/bin/view/main/securitynotice#dos_attack_from_certain_ntp_mode

Trust: 1.8

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074

Trust: 1.8

url:https://rhn.redhat.com/errata/rhsa-2009-1651.html

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/mapg-7x7vd7

Trust: 1.7

url:http://www.debian.org/security/2009/dsa-1948

Trust: 1.7

url:https://rhn.redhat.com/errata/rhsa-2009-1648.html

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/mapg-7x7v6j

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=531213

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00809.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00763.html

Trust: 1.7

url:https://rhn.redhat.com/errata/rhsa-2010-0095.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-867-1

Trust: 1.6

url:http://tools.cisco.com/security/center/viewalert.x?alertid=19540

Trust: 1.6

url:http://support.avaya.com/css/p8/documents/100071808

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=isg1iz71047

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=isg1iz68659

Trust: 1.4

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1

Trust: 1.1

url:https://lists.ntp.org/pipermail/announce/2009-december/000086.html

Trust: 1.1

url:http://secunia.com/advisories/37922

Trust: 1.1

url:http://secunia.com/advisories/37629

Trust: 1.1

url:http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc

Trust: 1.1

url:http://secunia.com/advisories/38794

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0528

Trust: 1.1

url:http://secunia.com/advisories/38832

Trust: 1.1

url:http://secunia.com/advisories/38834

Trust: 1.1

url:http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Trust: 1.1

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-005.txt.asc

Trust: 1.1

url:http://secunia.com/advisories/39593

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0993

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=136482797910018&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=130168580504508&w=2

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10691

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10673

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7076

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19376

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12141

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11225

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3563

Trust: 1.0

url:https://www.kb.cert.org/vuls/id/417980

Trust: 1.0

url:http://tools.ietf.org/html/rfc2827

Trust: 0.8

url:http://tools.ietf.org/html/rfc3704

Trust: 0.8

url:http://www.ntp.org/downloads.html

Trust: 0.8

url:http://bugs.gentoo.org/show_bug.cgi?id=290881

Trust: 0.8

url:http://jvn.jp/cert/jvnvu568372/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93188600/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3563

Trust: 0.8

url:https://kb.cert.org/vuls/id/417980

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3563

Trust: 0.5

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time

Trust: 0.3

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=985679

Trust: 0.3

url:http://www.ntp.org/

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100073364

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100071806

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1386

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2908

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1377

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3620

Trust: 0.2

url:http://www.vmware.com/security

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1387

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3228

Trust: 0.2

url:http://kb.vmware.com/kb/1055

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1378

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2695

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3621

Trust: 0.2

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3547

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3286

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3613

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2695

Trust: 0.2

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2908

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0590

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3726

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3612

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1379

Trust: 0.2

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.2

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.2

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.2

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.2

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-0159

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://usn.ubuntu.com/867-1/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091208-cve-2009-3563

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4022

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4552

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1377

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3560

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2904

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2905

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3916

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4552

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1387

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4316

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:http://tinyurl.com/yfekgrx

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1379

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4316

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-192-20100228-732

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2905

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2904

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1378

Trust: 0.1

url:http://kb.vmware.com/kb/1018403

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb

Trust: 0.1

url:http://security.debian.org/

Trust: 0.1

url:http://packages.debian.org/<pkg>

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb

Trust: 0.1

url:http://www13.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001786-v51bb28-es-20100816

Trust: 0.1

url:http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001787-v51bb27-es-20100817

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-4567

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0001

Trust: 0.1

url:http://bit.ly/aqtcqn

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4567

Trust: 0.1

url:http://kb.vmware.com/kb/1013127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4536

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4536

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4021

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0427

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-6304

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3939

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4020

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3736

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3556

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4538

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0097

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4537

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3612

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4138

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4272

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0382

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4355

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4141

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3613

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4538

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3080

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6304

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2910

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3556

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4537

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3889

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2910

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3726

Trust: 0.1

url:http://security.freebsd.org/patches/sa-10:02/ntpd.patch

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:http://security.freebsd.org/patches/sa-10:02/ntpd.patch.asc

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-10:02.ntpd.asc

Trust: 0.1

url:http://itrc.hp.com

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201001-01.xml

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/displayp

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

sources: CERT/CC: VU#568372 // VULMON: CVE-2009-3563 // BID: 37255 // JVNDB: JVNDB-2009-002446 // PACKETSTORM: 83621 // PACKETSTORM: 86900 // PACKETSTORM: 83586 // PACKETSTORM: 94512 // PACKETSTORM: 83609 // PACKETSTORM: 105299 // PACKETSTORM: 90046 // PACKETSTORM: 84917 // PACKETSTORM: 99964 // PACKETSTORM: 84704 // PACKETSTORM: 121285 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

CREDITS

Harlan Stenn

Trust: 0.6

sources: CNNVD: CNNVD-200912-113

SOURCES

db:CERT/CCid:VU#568372
db:VULMONid:CVE-2009-3563
db:BIDid:37255
db:JVNDBid:JVNDB-2009-002446
db:PACKETSTORMid:83621
db:PACKETSTORMid:86900
db:PACKETSTORMid:83586
db:PACKETSTORMid:94512
db:PACKETSTORMid:83609
db:PACKETSTORMid:105299
db:PACKETSTORMid:90046
db:PACKETSTORMid:84917
db:PACKETSTORMid:99964
db:PACKETSTORMid:84704
db:PACKETSTORMid:121285
db:CNNVDid:CNNVD-200912-113
db:NVDid:CVE-2009-3563

LAST UPDATE DATE

2024-11-24T19:27:09.384000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#568372date:2011-07-22T00:00:00
db:VULMONid:CVE-2009-3563date:2017-09-19T00:00:00
db:BIDid:37255date:2015-05-12T19:46:00
db:JVNDBid:JVNDB-2009-002446date:2024-03-22T04:19:00
db:CNNVDid:CNNVD-200912-113date:2009-12-10T00:00:00
db:NVDid:CVE-2009-3563date:2024-11-21T01:07:40.913

SOURCES RELEASE DATE

db:CERT/CCid:VU#568372date:2009-12-08T00:00:00
db:VULMONid:CVE-2009-3563date:2009-12-09T00:00:00
db:BIDid:37255date:2009-12-08T00:00:00
db:JVNDBid:JVNDB-2009-002446date:2010-01-25T00:00:00
db:PACKETSTORMid:83621date:2009-12-10T15:41:54
db:PACKETSTORMid:86900date:2010-03-05T03:32:24
db:PACKETSTORMid:83586date:2009-12-09T00:03:34
db:PACKETSTORMid:94512date:2010-10-05T21:10:50
db:PACKETSTORMid:83609date:2009-12-09T00:21:25
db:PACKETSTORMid:105299date:2011-09-23T12:12:00
db:PACKETSTORMid:90046date:2010-05-28T20:14:56
db:PACKETSTORMid:84917date:2010-01-07T19:01:14
db:PACKETSTORMid:99964date:2011-04-01T21:06:48
db:PACKETSTORMid:84704date:2010-01-04T02:50:23
db:PACKETSTORMid:121285date:2013-04-12T00:36:17
db:CNNVDid:CNNVD-200912-113date:2009-12-09T00:00:00
db:NVDid:CVE-2009-3563date:2009-12-09T18:30:00.390