ID

VAR-201401-0184

CVE

CVE-2013-5211

TITLE

NTP can be abused to amplify denial-of-service attack traffic

DESCRIPTION

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC. In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.The device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack. NTP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. The net-misc/ntp package contains the official reference implementation by the NTP Project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.6_p5-r10 >= 4.2.6_p5-r10 Description =========== ntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and references below for details. Workaround ========== We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 and added "noquery" to the default restriction which disallows anyone to query the ntpd status, including "monlist". If you use a non-default configuration, and provide a ntp service to untrusted networks, we highly recommend you to revise your configuration to disable mode 6 and 7 queries for any untrusted (public) network. You can always enable these queries for specific trusted networks. For more details please see the "Access Control Support" chapter in the ntp.conf(5) man page. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.6_p5-r10" Note that the updated package contains a modified default configuration only. References ========== [ 1 ] CVE-2013-5211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211 [ 2 ] VU#348126 http://www.kb.cert.org/vuls/id/348126 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System TA13-088A: DNS Amplification Attacks Original release date: March 29, 2013 Systems Affected * Domain Name System (DNS) servers Overview A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic. Description A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic. The basic attack technique consists of an attacker sending a DNS name lookup request to an open recursive DNS server with the source address spoofed to be the victims address. When the DNS server sends the DNS record response, it is sent instead to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed DNS queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult to block these types of attacks. While the attacks are difficult to prevent, network operators can implement several possible mitigation strategies. The primary element in the attack that is the focus of an effective long-term solution is the detection and elimination of open recursive DNS resolvers. These systems are typically legitimate DNS servers that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the number of potential resources that the attacker can employ in an attack. Impact A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack. Solution DETECTION Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers. These tools will scan entire network ranges and list the address of any identified open resolvers. The query interface allows network administrators to enter IP ranges in CIDR format [1]. The Measurement Factory http://dns.measurement-factory.com Like the Open DNS Resolver Project, the Measurement Factory maintains a list of Internet accessible DNS servers and allows administrators to search for open recursive resolvers [2]. In addition, the Measurement Factory offers a free tool to directly test an individual DNS resolver to determine if it allows open recursion. This will allow an administrator to determine if configuration changes are necessary and verify that configuration changes have been effective [3]. Finally, the site offers statistics showing the number of open resolvers detected on the various Autonomous System (AS) networks, sorted by the highest number found [4]. DNSInspect http://www.dnsinspect.com Another freely available, web-based tool for testing DNS resolvers is DNSInspect. This site is similar to The Measurement Factorys ability to test a specific resolver for vulnerability, but offers the ability to test an entire DNS Zone for several other potential configuration and security issues [5]. Indicators In a typical recursive DNS query, a client sends a query request to a local DNS server requesting the resolution of a name or the reverse resolution of an IP address. The DNS server performs the necessary queries on behalf of the client and returns a response packet with the requested information or an error [6, page 21]. The specification does not allow for unsolicited responses. In a DNS amplification attack, the key indicator is a query response without a matching request. MITIGATION Unfortunately, due to the overwhelming traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack. While the only effective means of eliminating this type of attack is to eliminate open recursive resolvers, this requires a large-scale effort by numerous parties. According to the Open DNS Resolver Project, of the 27 million known DNS resolvers on the Internet, approximately 25 million pose a significant threat of being used in an attack [1]. However, several possible techniques are available to reduce the overall effectiveness of such attacks to the Internet community as a whole. Where possible, configuration links have been provided to assist administrators with making the recommended changes. The configuration information has been limited to BIND9 and Microsofts DNS Server, which are two widely deployed DNS servers. If you are running a different DNS server, please see your vendors documentation for configuration details. Source IP Verification Because the DNS queries being sent by the attacker-controlled clients must have a source address spoofed to appear as the victims system, the first step to reducing the effectiveness of DNS amplification is for Internet Service Providers to deny any DNS traffic with spoofed addresses. The Network Working Group of the Internet Engineering Task Force released a Best Current Practice document in May 2000 that describes how an Internet Service Provider can filter network traffic on their network to drop packets with source addresses not reachable via the actual packets path [7]. This configuration change would considerably reduce the potential for most current types of DDoS attacks. Disabling Recursion on Authoritative Name Servers Many of the DNS servers currently deployed on the Internet are exclusively intended to provide name resolution for a single domain. These systems do not need to support resolution of other domains on behalf of a client, and therefore should be configured with recursion disabled. Bind9 Add the following to the global options [8]: options { allow-query-cache { none; }; recursion no; }; Microsoft DNS Server In the Microsoft DNS console tool [9]: * Right-click the DNS server and click Properties. * Click the Advanced tab. * In Server options, select the Disable recursion check box, and then click OK. Limiting Recursion to Authorized Clients For DNS servers that are deployed within an organization or ISP to support name queries on behalf of a client, the resolver should be configured to only allow queries on behalf of authorized clients. These requests should typically only come from clients within the organizations network address range. BIND9 In the global options, add the following [10]: acl corpnets { 192.168.1.0/24; 192.168.2.0/24; }; options { allow-query { corpnets; }; allow-recursion { corpnets; }; }; Microsoft DNS Server It is not currently possible to restrict recursive DNS requests to a specific client address range in Microsoft DNS Server. The most effective means of approximating this functionality is to configure the internal DNS server to forward queries to an external DNS server and restrict DNS traffic in the firewall to restrict port 53 UDP traffic to the internal server and the external forwarder [11]. Rate Limiting Response of Recursive Name Servers There is currently an experimental feature available as a set of patches for BIND9 that allows an administrator to restrict the number of responses per second being sent from the name server [12]. This is intended to reduce the effectiveness of DNS amplification attacks by reducing the volume of traffic coming from any single resolver. BIND9 On BIND9 implementation running the RRL patches, add the following lines to the options block of the authoritative views [13]: rate-limit { responses-per-second 5; window 5; }; Microsoft DNS Server This option is currently not available for Microsoft DNS Server. References * [1] Open DNS Resolver Project * [2] The Measurement Factory, "List Open Resolvers on Your Network" * [3] The Measurement Factory, "Open Resolver Test" * [4] The Measurement Factory, "Open Resolvers for Each Autonomous System" * [5] "DNSInspect," DNSInspect.com * [6] RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES * [7] BCP 38: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing * [8] Chapter 3. Name Server Configuration * [9] Disable recursion on the DNS server * [10] Chapter 7. BIND 9 Security Considerations * [11] Configure a DNS Server to Use Forwarders * [12] DNS Response Rate Limiting (DNS RRL) * [13] Response Rate Limiting in the Domain Name System (DNS RRL) Revision History * March 29, 2013: Initial release Relevant URL(s): <http://openresolverproject.org/> <http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl> <http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl> <http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html> <http://www.dnsinspect.com/> <http://tools.ietf.org/html/rfc1034> <http://tools.ietf.org/html/bcp38> <http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch03.html#id2567992> <http://technet.microsoft.com/en-us/library/cc787602.aspx> <http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch07.html#Access_Control_Lists> <http://technet.microsoft.com/en-us/library/cc754941.aspx> <http://ss.vix.su/~vixie/isc-tn-2012-1.txt> <http://www.redbarn.org/dns/ratelimits> ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification/ Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/ncas/alerts/TA13-088A For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUVXuq3dnhE8Qi3ZhAQIBXAf+LICtxQHGu5j7x8NAFG+tTSWrjducZ37v oWhQuSsXp9XjwAN1RdXOZRpX2Sbp5b1bVZ+FfjdPljoRVpoRksuBu5qOfzathZEP 3aRA7O0Kffuk2ofCsn8I9nWOas7bZa9gO8hGan4ORjEJLt4OWFtPW+2aWfDKY72x lcky1Ms6Z1TGkCTgJLuoUXXmGg8JQJqvRfkc7VAY4ttpJV1/DtpMIZyf2Hbr4inp ClnGYi64ukzu38kYkQ33u3oPKjYX8bwWKAZRnpQAcHO8ddswKre7Cz2Ar5tTNluY 0/nzEAx6BVAKgntp5NUJ8y55ej+RyEQiCpBAkhE8xImmxAUPJ7AiMw== =FVTl -----END PGP SIGNATURE----- . Release Date: 2015-09-09 Last Updated: 2015-09-09 Potential Security Impact: Remote denial of service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. TCP/IP Services for OpenVMS V5.7 ECO5 running NTP BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5211 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following patch kits available to resolve the vulnerabilities with TCP/IP Services for OpenVMS running NTP. Platform Patch Kit Name Alpha IA64 V8.4 75-117-380_2015-08-24.BCK NOTE: Please contact OpenVMS Technical Support to request these patch kits. HISTORY Version:1 (rev.1) - 9 September 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Corrected: 2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1) 2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2013-5211 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. II. Problem Description The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. III. Impact An attacker can send 'monlist' queries and use that as an amplification of a reflection attack. IV. This can be done by adding the following lines to /etc/ntp.conf: restrict -4 default nomodify nopeer noquery notrap restrict -6 default nomodify nopeer noquery notrap restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 And restart the ntpd(8) daemon. Time service is not affected and the administrator can still perform queries from local host. 2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to restrict which systems can access ntpd(8). 3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or newer) V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc # gpg --verify ntpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. Restart the ntpd(8) daemon, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Note that the patch would disable monitoring features of ntpd(8) daemon by default. If the feature is desirable, the administrator can choose to enable it and firewall access to ntpd(8) service. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r260641 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260641 releng/9.1/ r260647 releng/9.2/ r260647 stable/10/ r260639 releng/10.0/ r260641 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2014-0002 Synopsis: VMware vSphere updates to third party libraries Issue date: 2014-03-11 Updated on: 2014-03-11 (initial advisory) CVE numbers: --NTP --- CVE-2013-5211 --glibc (service console) --- CVE-2013-4332 --JRE-- See references - ----------------------------------------------------------------------- 1. Summary VMware has updated vSphere third party libraries. 2. Relevant releases vCenter Server Appliance 5.5 prior to 5.5 Update 1 VMware vCenter Server 5.5 prior 5.5 Update 1 VMware Update Manager 5.5 prior 5.5 Update 1 VMware ESXi 5.5 without patch ESXi550-201403101-SG 3. Problem Description a. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. Mitigation Mitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= VCSA 5.5 Linux 5.5 Update 1 VCSA 5.1 Linux patch pending VCSA 5.0 Linux patch pending ESXi 5.5 ESXi ESXi550-201403101-SG ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending ESXi 4.1 ESXi patch pending ESXi 4.0 ESXi patch pending ESX 4.1 ESX patch pending ESX 4.0 ESX patch pending b. Update to ESXi glibc package The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-4332 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi 5.5 ESXi ESXi550-201403101-SG ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending ESXi 4.1 ESXi no patch planned ESXi 4.0 ESXi no patch planned ESX 4.1 ESX not applicable ESX 4.0 ESX not applicable c. vCenter and Update Manager, Oracle JRE 1.7 Update 45 Oracle JRE is updated to version JRE 1.7 Update 45, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch Update Advisory of October 2013. The References section provides a link to this advisory. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server 5.5 Any 5.5 Update 1 vCenter Server 5.1 Any not applicable ** vCenter Server 5.0 Any not applicable ** vCenter Server 4.1 Windows not applicable ** vCenter Server 4.0 Windows not applicable * Update Manager 5.5 Windows 5.5 Update 1 Update Manager 5.1 Windows not applicable ** Update Manager 5.0 Windows not applicable ** Update Manager 4.1 Windows not applicable * Update Manager 4.0 Windows not applicable * ESXi any ESXi not applicable ESX 4.1 ESX not applicable ** ESX 4.0 ESX not applicable * * this product uses the Oracle JRE 1.5.0 family ** this product uses the Oracle JRE 1.6.0 family 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter Server 5.5 -------------------------- Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_ vsphere/5_5 Release Notes: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel ease-notes.html ESXi 5.5 ----------------- File: update-from-esxi5.5-5.5_update01.zip md5sum:5773844efc7d8e43135de46801d6ea25 sha1sum:6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065826 update-from-esxi5.5-5.5_update01 contains ESXi550-201403101-SG 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332 --------- jre --------- Oracle Java SE Critical Patch Update Advisory of October 2013 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html VMware Knowledge Base article 2070193 http://kb.vmware.com/kb/2070193 - ----------------------------------------------------------------------- 6. Change log 2014-03-11 VMSA-2014-0002 Initial security advisory in conjunction with the release of vSphere 5.5 Update 1 on 2014-03-11 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz: Rebuilt. By default, Slackware is not vulnerable since it includes "noquery" as a default restriction. However, it is vulnerable if this restriction is removed. To help mitigate this flaw, "disable monitor" has been added to the default ntp.conf (which will disable the monlist command even if other queries are allowed), and the default restrictions have been extended to IPv6 as well. All users of the NTP daemon should make sure that their ntp.conf contains "disable monitor" to prevent misuse of the NTP service. The new ntp.conf file will be installed as /etc/ntp.conf.new with a package upgrade, but the changes will need to be merged into any existing ntp.conf file by the admin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 http://www.kb.cert.org/vuls/id/348126 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Please do not reply to this email address

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Dave Hart

SOURCES

LAST UPDATE DATE

2022-05-29T21:44:11.663000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE