ID

VAR-201504-0361


CVE

CVE-2015-1798


TITLE

NTP Project ntpd reference implementation contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#374268

DESCRIPTION

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlMan-in-the-middle attacks (man-in-the-middle attack) By MAC The packet may be spoofed by being deleted. Successful exploits may allow the attacker to cause a denial-of-service condition. NTP is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerablities Date: September 24, 2015 Bugs: #545836, #553682 ID: 201509-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in NTP, the worst of which could lead to arbitrary code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8_p3 >= 4.2.8_p3 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p3" References ========== [ 1 ] CVE-2015-1798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1798 [ 2 ] CVE-2015-1799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1799 [ 3 ] CVE-2015-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5146 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201509-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p2-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p2-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p2-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p2-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p2-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p2-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 570bb3e4bb7b065101fa4963e757d7e7 ntp-4.2.8p2-i486-1_slack13.0.txz Slackware x86_64 13.0 package: e6add42a70a66496be2d4978370c2799 ntp-4.2.8p2-x86_64-1_slack13.0.txz Slackware 13.1 package: 99f1cfa5e23a256d840ed0a56b7f9400 ntp-4.2.8p2-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 0a6622196521e084d36cda13fc6da824 ntp-4.2.8p2-x86_64-1_slack13.1.txz Slackware 13.37 package: 28cfe042c585cf036582ce5f0c2daadf ntp-4.2.8p2-i486-1_slack13.37.txz Slackware x86_64 13.37 package: c436da55cd2d113142410a9d982c5ac5 ntp-4.2.8p2-x86_64-1_slack13.37.txz Slackware 14.0 package: cf69f8ecb5e4c1902dfb22d0f9685278 ntp-4.2.8p2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 9c8344ec56d5d2335fd7370e2f9cf639 ntp-4.2.8p2-x86_64-1_slack14.0.txz Slackware 14.1 package: 9dcf0eafa851ad018f8341c2fb9307b5 ntp-4.2.8p2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: e0c063f4e46a72ec86012a46299a46df ntp-4.2.8p2-x86_64-1_slack14.1.txz Slackware -current package: 5f72de16e3bb6cd216e7694a49671cee n/ntp-4.2.8p2-i486-1.txz Slackware x86_64 -current package: 1ba531770e4a2ae6e8e7116aaa26523e n/ntp-4.2.8p2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p2-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:07.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2015-04-07 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE) 2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9) 2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE) 2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13) 2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE) 2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27) CVE Name: CVE-2014-9297, CVE-2015-1798, CVE-2015-1799 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. II. Problem Description The vallen packet value is not validated in several code paths in ntp_crypto.c. [CVE-2015-1798] NTP state variables are updated prior to validating the received packets. [CVE-2015-1799] III. [CVE-2015-1798] An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can periodically send a specially crafted or replayed packet which will break the synchronization between the two peers due to transmit timestamp mismatch, preventing the two nodes from synchronizing with each other, even when authentication is enabled. [CVE-2015-1799] IV. Workaround No workaround is available, but systems not running ntpd(8) are not affected. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch # fetch https://security.FreeBSD.org/patches/SA-15:07/ntp.patch.asc # gpg --verify ntp.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r281231 releng/8.4/ r281233 stable/9/ r281231 releng/9.3/ r281233 stable/10/ r281230 releng/10.1/ r281232 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. The updated packages provides a solution for these security issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: b0f98e6b8700e3e3413582fe28d1ba06 mbs1/x86_64/ntp-4.2.6p5-8.4.mbs1.x86_64.rpm d864780718c95368bf9ec81643e35e5d mbs1/x86_64/ntp-client-4.2.6p5-8.4.mbs1.x86_64.rpm 6f457df52d46fb8e6b0fe44aead752eb mbs1/x86_64/ntp-doc-4.2.6p5-8.4.mbs1.x86_64.rpm b4bff3de733ea6d2839a77a9211ce02b mbs1/SRPMS/ntp-4.2.6p5-8.4.mbs1.src.rpm Mandriva Business Server 2/X86_64: e9ac2f3465bcc50199aef8a4d553927f mbs2/x86_64/ntp-4.2.6p5-16.3.mbs2.x86_64.rpm cf2970c3c56efbfa84f964532ad64544 mbs2/x86_64/ntp-client-4.2.6p5-16.3.mbs2.x86_64.rpm 1ae1b1d3c2e7bdea25c01c33652b6169 mbs2/x86_64/ntp-doc-4.2.6p5-16.3.mbs2.noarch.rpm d250433009fd187361bda6338dc5eede mbs2/SRPMS/ntp-4.2.6p5-16.3.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. 7) - noarch, x86_64 3. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. (BZ#1191111) * The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed. (BZ#1171640) Enhancements: * This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values. (BZ#1202828) * This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the "stepback" and "stepfwd" options to configure each threshold. Additionally, it was discovered that generating MD5 keys using ntp-keygen on big endian machines would either trigger an endless loop, or generate non-random keys. For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4. For the unstable distribution (sid), these problems have been fixed in version 1:4.2.6.p5+dfsg-7. We recommend that you upgrade your ntp packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2015:1459-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1459.html Issue date: 2015-07-22 Updated on: 2015-02-25 CVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 ===================================================================== 1. Summary: Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. (CVE-2014-9298) A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799) A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405) A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. (CVE-2015-1798) The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat. Bug fixes: * The ntpd daemon truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. The maximum length of keys has now been changed to 32 bytes. (BZ#1053551) * The ntp-keygen utility used the exponent of 3 when generating RSA keys, and generating RSA keys failed when FIPS mode was enabled. ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1184421) * The ntpd daemon included a root delay when calculating its root dispersion. Consequently, the NTP server reported larger root dispersion than it should have and clients could reject the source when its distance reached the maximum synchronization distance (1.5 seconds by default). Calculation of root dispersion has been fixed, the root dispersion is now reported correctly, and clients no longer reject the server due to a large synchronization distance. (BZ#1045376) * The ntpd daemon dropped incoming NTP packets if their source port was lower than 123 (the NTP port). Clients behind Network Address Translation (NAT) were unable to synchronize with the server if their source port was translated to ports below 123. With this update, ntpd no longer checks the source port number. (BZ#1171630) Enhancements: * This update introduces configurable access of memory segments used for Shared Memory Driver (SHM) reference clocks. Previously, only the first two memory segments were created with owner-only access, allowing just two SHM reference clocks to be used securely on a system. Now, the owner-only access to SHM is configurable with the "mode" option, and it is therefore possible to use more SHM reference clocks securely. (BZ#1122015) * Support for nanosecond resolution has been added to the SHM reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock (for example, with the timemaster service from the linuxptp package), the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now enables sub-microsecond synchronization of the system clock. (BZ#1117704) 4. Solution: All ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the update, the ntpd daemon will restart automatically. Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 995134 - ntp package doesn't build with net-snmp-devel 1045376 - Fix root distance and root dispersion calculations. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ntp-4.2.6p5-5.el6.src.rpm i386: ntp-4.2.6p5-5.el6.i686.rpm ntp-debuginfo-4.2.6p5-5.el6.i686.rpm ntpdate-4.2.6p5-5.el6.i686.rpm x86_64: ntp-4.2.6p5-5.el6.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntpdate-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6.i686.rpm ntp-perl-4.2.6p5-5.el6.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntp-perl-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ntp-4.2.6p5-5.el6.src.rpm x86_64: ntp-4.2.6p5-5.el6.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntpdate-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: ntp-doc-4.2.6p5-5.el6.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntp-perl-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ntp-4.2.6p5-5.el6.src.rpm i386: ntp-4.2.6p5-5.el6.i686.rpm ntp-debuginfo-4.2.6p5-5.el6.i686.rpm ntpdate-4.2.6p5-5.el6.i686.rpm ppc64: ntp-4.2.6p5-5.el6.ppc64.rpm ntp-debuginfo-4.2.6p5-5.el6.ppc64.rpm ntpdate-4.2.6p5-5.el6.ppc64.rpm s390x: ntp-4.2.6p5-5.el6.s390x.rpm ntp-debuginfo-4.2.6p5-5.el6.s390x.rpm ntpdate-4.2.6p5-5.el6.s390x.rpm x86_64: ntp-4.2.6p5-5.el6.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntpdate-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6.i686.rpm ntp-perl-4.2.6p5-5.el6.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-5.el6.ppc64.rpm ntp-perl-4.2.6p5-5.el6.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-5.el6.s390x.rpm ntp-perl-4.2.6p5-5.el6.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntp-perl-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ntp-4.2.6p5-5.el6.src.rpm i386: ntp-4.2.6p5-5.el6.i686.rpm ntp-debuginfo-4.2.6p5-5.el6.i686.rpm ntpdate-4.2.6p5-5.el6.i686.rpm x86_64: ntp-4.2.6p5-5.el6.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntpdate-4.2.6p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6.i686.rpm ntp-perl-4.2.6p5-5.el6.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6.x86_64.rpm ntp-perl-4.2.6p5-5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9297 https://access.redhat.com/security/cve/CVE-2014-9298 https://access.redhat.com/security/cve/CVE-2015-1798 https://access.redhat.com/security/cve/CVE-2015-1799 https://access.redhat.com/security/cve/CVE-2015-3405 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVrzhmXlSAg2UNWIIRAm99AJ48H4E3oVeZOC1QZtZHqK2Kqtyz4QCfQQtv N7izaJnwt/eplpxx4DE0HoY= =6lW5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following: Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from. CVE-ID CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec afpserver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple. CVE-ID CVE-2015-3675 : Apple apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. CVE-ID CVE-2015-0235 CVE-2015-0273 AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3676 : Chen Liang of KEEN Team AppleFSCompression Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative AppleThunderboltEDMService Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3678 : Apple ATS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3682 : Nuode Wei Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938 Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858. CFNetwork HTTPAuthentication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3684 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck DiskImages Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative Display Drivers Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface. CVE-ID CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014) FontParser Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team Graphics Driver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3703 : Apple Install Framework Legacy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges. CVE-ID CVE-2015-3704 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3705 : KEEN Team CVE-2015-3706 : KEEN Team IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking. CVE-ID CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3720 : Stefan Esser Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to overwrite arbitrary files Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2015-3708 : Ian Beer of Google Project Zero kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A local user may be able to load unsigned kernel extensions Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek ntfs Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management. CVE-ID CVE-2015-1798 CVE-2015-1799 OpenSSL Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf. CVE-ID CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 QuickTime Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741 Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation. CVE-ID CVE-2015-3714 : Joshua Pitts of Leviathan Security Group Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to bypass code signing checks Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation. CVE-ID CVE-2015-3716 : Apple SQLite Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative System Stats Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious app may be able to compromise systemstatsd Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking. CVE-ID CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks TrueTypeScaler Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team zip Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling. CVE-ID CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. https://support.apple.com/en-us/HT204950 OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7 kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+ aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC 3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J 1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI +gGm5FbAxjxElgA/gbaq =KLda -----END PGP SIGNATURE-----

Trust: 3.69

sources: NVD: CVE-2015-1798 // CERT/CC: VU#374268 // JVNDB: JVNDB-2015-002115 // BID: 73950 // BID: 73951 // VULMON: CVE-2015-1798 // PACKETSTORM: 133699 // PACKETSTORM: 131582 // PACKETSTORM: 131342 // PACKETSTORM: 131385 // PACKETSTORM: 134448 // PACKETSTORM: 131396 // PACKETSTORM: 132785 // PACKETSTORM: 132518

AFFECTED PRODUCTS

vendor:ntpmodel:ntpscope:lteversion:4.2.7p444

Trust: 1.0

vendor:aristamodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:ntpmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:necmodel:univergescope:eqversion:ip8800 series

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.3

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.2.8p2

Trust: 0.8

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.3

Trust: 0.6

vendor:extremenetworksmodel:ids/ipsscope:eqversion:8.3.0.0

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:7.3

Trust: 0.6

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:9.3

Trust: 0.6

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.6

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.6

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7

Trust: 0.6

vendor:extremenetworksmodel:purviewscope:neversion:6.3.0.182

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.10.3

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:neversion:15.6.4

Trust: 0.6

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.6

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:eqversion:15.4.1.0

Trust: 0.6

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.0

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:neversion:16.1.2

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:10.0

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:9.2

Trust: 0.6

vendor:extremenetworksmodel:ids/ipsscope:neversion:8.3.0.350

Trust: 0.6

vendor:ciscomodel:ios xr softwarescope:eqversion:0

Trust: 0.6

vendor:applemodel:mac osscope:neversion:x10.10.4

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:eqversion:21.1

Trust: 0.6

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.6

vendor:ciscomodel:network convergence system series routersscope:eqversion:60005.0.1

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:eqversion:16.2

Trust: 0.6

vendor:ciscomodel:unified computing system central softwarescope:eqversion:1.0

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.6

vendor:ciscomodel:network convergence system series routersscope:eqversion:60005.0

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:8.3

Trust: 0.6

vendor:extremenetworksmodel:nacscope:neversion:6.3.0.182

Trust: 0.6

vendor:rockwellmodel:automation stratixscope:neversion:590015.6.3

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:8.0

Trust: 0.6

vendor:meinbergmodel:network time protocolscope:eqversion:4.2.6

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.6

vendor:extremenetworksmodel:netsightscope:eqversion:6.3.0.0

Trust: 0.6

vendor:extremenetworksmodel:identifi wirelessscope:eqversion:10.11

Trust: 0.6

vendor:meinbergmodel:network time protocolscope:eqversion:4.2.7

Trust: 0.6

vendor:ibmmodel:security network protectionscope:eqversion:5.3

Trust: 0.6

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.6

vendor:meinbergmodel:network time protocolscope:eqversion:4.2.8

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:neversion:21.1.1

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:7.4

Trust: 0.6

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.6

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.6

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:9.0

Trust: 0.6

vendor:rockwellmodel:automation stratixscope:eqversion:59000

Trust: 0.6

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.6

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.6

vendor:extremenetworksmodel:purviewscope:eqversion:6.3.0.0

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.10.2

Trust: 0.6

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.2

Trust: 0.6

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:neversion:16.2.1

Trust: 0.6

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.6

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.6

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.6

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.6

vendor:ubuntumodel:linuxscope:eqversion:14.10

Trust: 0.6

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.1

Trust: 0.6

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.6

vendor:extremenetworksmodel:summit wm3000 seriesscope:eqversion:0

Trust: 0.6

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.6

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.6

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.6

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.6

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.6

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.6

vendor:ibmmodel:smartcloud provisioning for software virtual appliancescope:eqversion:2.1

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:8.2

Trust: 0.6

vendor:extremenetworksmodel:nacscope:eqversion:6.3.0.0

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:8.1

Trust: 0.6

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:8.4

Trust: 0.6

vendor:extremenetworksmodel:identifi wirelessscope:neversion:10.11.1

Trust: 0.6

vendor:extremenetworksmodel:extremexosscope:neversion:15.7.2

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:9.1

Trust: 0.6

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.6

vendor:ibmmodel:security network protectionscope:eqversion:5.2.0

Trust: 0.6

vendor:ciscomodel:unified computing system central softwarescope:eqversion:1.1

Trust: 0.6

vendor:extremenetworksmodel:netsightscope:neversion:6.3.0.182

Trust: 0.6

vendor:freebsdmodel:freebsdscope:eqversion:10.1

Trust: 0.6

vendor:ibmmodel:flex system managerscope:eqversion:1.2.1.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56003

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1.16

Trust: 0.3

vendor:ibmmodel:puredata system for operational analyticsscope:eqversion:1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.50

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.4.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.7.16

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.16

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.8

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2.0.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.2.6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.3.5

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56002

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:76000

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.75

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:ibmmodel:puredata system for operational analyticsscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56001

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.9.5

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.1.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.8.15

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77100

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.4

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.1.0.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77000

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.68

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.9.6

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:meinbergmodel:ntpscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.2.15

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.8.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.8.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.9

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.4.0

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.7p10scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.5p99scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.7p11scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.6p2scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.6p3scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.8p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:9.0

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.6p5scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.6p1scope: - version: -

Trust: 0.3

vendor:meinbergmodel:network time protocol 4.2.7p230scope: - version: -

Trust: 0.3

sources: CERT/CC: VU#374268 // BID: 73950 // BID: 73951 // JVNDB: JVNDB-2015-002115 // NVD: CVE-2015-1798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1798
value: LOW

Trust: 1.0

NVD: CVE-2015-1798
value: LOW

Trust: 0.8

VULMON: CVE-2015-1798
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-1798
severity: LOW
baseScore: 1.8
vectorString: AV:A/AC:H/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2015-1798 // JVNDB: JVNDB-2015-002115 // NVD: CVE-2015-1798

PROBLEMTYPE DATA

problemtype:CWE-17

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-002115 // NVD: CVE-2015-1798

THREAT TYPE

network

Trust: 0.6

sources: BID: 73950 // BID: 73951

TYPE

Unknown

Trust: 0.3

sources: BID: 73950

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002115

PATCH

title:APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005url:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

Trust: 0.8

title:HT204942url:https://support.apple.com/en-us/HT204942

Trust: 0.8

title:HT204942url:https://support.apple.com/ja-jp/HT204942

Trust: 0.8

title:cisco-sa-20150408-ntpdurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

Trust: 0.8

title:NV17-008url:http://jpn.nec.com/security-info/secinfo/nv17-008.html

Trust: 0.8

title:Bug 2779url:http://bugs.ntp.org/show_bug.cgi?id=2779

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - April 2015url:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Trust: 0.8

title:Recent Vulnerabilitiesurl:http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Trust: 0.8

title:38276url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38276

Trust: 0.8

title:cisco-sa-20150408-ntpdurl:http://www.cisco.com/cisco/web/support/JP/112/1128/1128965_cisco-sa-20150408-ntpd-j.html

Trust: 0.8

title:Red Hat: Moderate: ntp security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152231 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: ntp: CVE-2015-1798 CVE-2015-1799url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d133e5923f2516253cdb12d9d3c37c05

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2567-1

Trust: 0.1

title:Red Hat: CVE-2015-1798url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-1798

Trust: 0.1

title:Debian Security Advisories: DSA-3223-1 ntp -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d552cdc6350071420c8916bcaed96264

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-520url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-520

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Productsurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150408-ntpd

Trust: 0.1

title:Apple: OS X Yosemite v10.10.4 and Security Update 2015-005url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2015/04/09/ntp_vulns/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2015/04/09/cisco_security_software_needs_security_patch/

Trust: 0.1

title:Threatposturl:https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067/

Trust: 0.1

sources: VULMON: CVE-2015-1798 // JVNDB: JVNDB-2015-002115

EXTERNAL IDS

db:CERT/CCid:VU#374268

Trust: 3.3

db:NVDid:CVE-2015-1798

Trust: 3.3

db:BIDid:73951

Trust: 1.4

db:SECTRACKid:1032032

Trust: 1.1

db:MCAFEEid:SB10114

Trust: 1.1

db:JVNid:JVNVU95993136

Trust: 0.8

db:JVNDBid:JVNDB-2015-002115

Trust: 0.8

db:ICS CERTid:ICSA-17-094-04

Trust: 0.7

db:BIDid:73950

Trust: 0.3

db:VULMONid:CVE-2015-1798

Trust: 0.1

db:PACKETSTORMid:133699

Trust: 0.1

db:PACKETSTORMid:131582

Trust: 0.1

db:PACKETSTORMid:131342

Trust: 0.1

db:PACKETSTORMid:131385

Trust: 0.1

db:PACKETSTORMid:134448

Trust: 0.1

db:PACKETSTORMid:131396

Trust: 0.1

db:PACKETSTORMid:132785

Trust: 0.1

db:PACKETSTORMid:132518

Trust: 0.1

sources: CERT/CC: VU#374268 // VULMON: CVE-2015-1798 // BID: 73950 // BID: 73951 // JVNDB: JVNDB-2015-002115 // PACKETSTORM: 133699 // PACKETSTORM: 131582 // PACKETSTORM: 131342 // PACKETSTORM: 131385 // PACKETSTORM: 134448 // PACKETSTORM: 131396 // PACKETSTORM: 132785 // PACKETSTORM: 132518 // NVD: CVE-2015-1798

REFERENCES

url:http://www.kb.cert.org/vuls/id/374268

Trust: 2.5

url:http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities

Trust: 2.0

url:http://bugs.ntp.org/show_bug.cgi?id=2779

Trust: 1.9

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150408-ntpd

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38276

Trust: 1.5

url:https://security.gentoo.org/glsa/201509-01

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2015-1459.html

Trust: 1.2

url:http://www.securitytracker.com/id/1032032

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:202

Trust: 1.1

url:http://www.securityfocus.com/bid/73951

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3223

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2567-1

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155863.html

Trust: 1.1

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10114

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155864.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html

Trust: 1.1

url:http://support.apple.com/kb/ht204942

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=143213867103400&w=2

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1798

Trust: 1.0

url:http://bugs.ntp.org/show_bug.cgi?id=2781

Trust: 0.8

url:http://www.ntp.org/downloads.html

Trust: 0.8

url:https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc

Trust: 0.8

url:http://support.ntp.org/bin/view/main/securitynoticehttp://www.ntp.org/downloads.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95993136/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1798

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-1799

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-1798

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-04

Trust: 0.7

url:http://www.ntp.org

Trust: 0.6

url:http://seclists.org/bugtraq/2015/apr/156

Trust: 0.6

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679309

Trust: 0.6

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1022814

Trust: 0.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21966578

Trust: 0.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21975967

Trust: 0.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg2c1000111

Trust: 0.6

url:https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2015-006-symmetric-key-ntp/?q=cve-2015-1798&l=en_us&fs=search&pn=1

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2015-1798

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-1799

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38275

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1022831

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21966675

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21967791

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-1798

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-9297

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1799

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-9297

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-3405

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-1799

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-9298

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3405

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9298

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/17.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067/

Trust: 0.1

url:https://usn.ubuntu.com/2567-1/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1798

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5146

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5146

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://www.freebsd.org/handbook/makeworld.html>.

Trust: 0.1

url:https://security.freebsd.org/>.

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:07/ntp.patch.asc

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:07/ntp.patch

Trust: 0.1

url:https://security.freebsd.org/advisories/freebsd-sa-15:07.ntp.asc>

Trust: 0.1

url:https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1798>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9297>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1799>

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-9750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9751

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-2231.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-9751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9750

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8141

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0235

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://support.apple.com/en-us/ht204938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3671

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8130

Trust: 0.1

url:https://support.apple.com/en-

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3662

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1157

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/en-us/ht204950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3668

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3667

Trust: 0.1

sources: CERT/CC: VU#374268 // VULMON: CVE-2015-1798 // BID: 73950 // BID: 73951 // JVNDB: JVNDB-2015-002115 // PACKETSTORM: 133699 // PACKETSTORM: 131582 // PACKETSTORM: 131342 // PACKETSTORM: 131385 // PACKETSTORM: 134448 // PACKETSTORM: 131396 // PACKETSTORM: 132785 // PACKETSTORM: 132518 // NVD: CVE-2015-1798

CREDITS

Miroslav Lichv&amp;amp;amp;amp;amp;aacute;r of Red Hat

Trust: 0.3

sources: BID: 73950

SOURCES

db:CERT/CCid:VU#374268
db:VULMONid:CVE-2015-1798
db:BIDid:73950
db:BIDid:73951
db:JVNDBid:JVNDB-2015-002115
db:PACKETSTORMid:133699
db:PACKETSTORMid:131582
db:PACKETSTORMid:131342
db:PACKETSTORMid:131385
db:PACKETSTORMid:134448
db:PACKETSTORMid:131396
db:PACKETSTORMid:132785
db:PACKETSTORMid:132518
db:NVDid:CVE-2015-1798

LAST UPDATE DATE

2024-12-25T22:24:38.404000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#374268date:2015-04-10T00:00:00
db:VULMONid:CVE-2015-1798date:2018-01-05T00:00:00
db:BIDid:73950date:2017-05-23T16:24:00
db:BIDid:73951date:2017-05-23T16:24:00
db:JVNDBid:JVNDB-2015-002115date:2017-03-09T00:00:00
db:NVDid:CVE-2015-1798date:2024-11-21T02:26:10.010

SOURCES RELEASE DATE

db:CERT/CCid:VU#374268date:2015-04-07T00:00:00
db:VULMONid:CVE-2015-1798date:2015-04-08T00:00:00
db:BIDid:73950date:2015-04-07T00:00:00
db:BIDid:73951date:2015-04-07T00:00:00
db:JVNDBid:JVNDB-2015-002115date:2015-04-09T00:00:00
db:PACKETSTORMid:133699date:2015-09-25T06:54:41
db:PACKETSTORMid:131582date:2015-04-22T20:14:29
db:PACKETSTORMid:131342date:2015-04-08T15:32:46
db:PACKETSTORMid:131385date:2015-04-13T14:03:24
db:PACKETSTORMid:134448date:2015-11-20T00:42:01
db:PACKETSTORMid:131396date:2015-04-13T14:05:55
db:PACKETSTORMid:132785date:2015-07-22T17:56:04
db:PACKETSTORMid:132518date:2015-07-01T05:31:53
db:NVDid:CVE-2015-1798date:2015-04-08T10:59:04.610