ID

VAR-201701-1135


CVE

CVE-2015-8138


TITLE

NTP.org ntpd contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#718152

DESCRIPTION

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause a denial-of-service condition. ========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in NTP. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. This issue only affected Ubuntu 16.04 LTS. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976) Stephen Gray discovered that NTP incorrectly handled large restrict lists. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138) Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. (CVE-2015-8158) It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727) Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547) Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548) Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550) Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. (CVE-2016-2516) Yihan Lian discovered that NTP incorrectly handled certail peer associations. A remote attacker could possibly use this issue to cause a denial of service. A remote attacker could possibly use this issue to cause a denial of service. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p6-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p6-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p6-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p6-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p6-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p6-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 31365ae4f12849e65d4ad1c8c7d5f89a ntp-4.2.8p6-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 5a2d24bdacd8dd05ab9e0613c829212b ntp-4.2.8p6-x86_64-1_slack13.0.txz Slackware 13.1 package: e70f7422bc81c144e6fac1df2c202634 ntp-4.2.8p6-i486-1_slack13.1.txz Slackware x86_64 13.1 package: f6637f6d24b94a6b17c68467956a6283 ntp-4.2.8p6-x86_64-1_slack13.1.txz Slackware 13.37 package: 82601e105f95e324dfd1e2f0df513673 ntp-4.2.8p6-i486-1_slack13.37.txz Slackware x86_64 13.37 package: d3ba32d46f7eef8f75a3444bbee4c677 ntp-4.2.8p6-x86_64-1_slack13.37.txz Slackware 14.0 package: c5ff13e58fbbea0b7a677e947449e7b1 ntp-4.2.8p6-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 9e2abfaf0b0b7bf84a8a4db89f60eff6 ntp-4.2.8p6-x86_64-1_slack14.0.txz Slackware 14.1 package: e1e6b84808b7562314e0e29479153553 ntp-4.2.8p6-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 8db0a4ca68805c7f5e487d5bcd69d098 ntp-4.2.8p6-x86_64-1_slack14.1.txz Slackware -current package: f96f443f54a74c20b5eb67467f5958ea n/ntp-4.2.8p6-i586-1.txz Slackware x86_64 -current package: 5e256f2e1906b4c75047a966996a7a41 n/ntp-4.2.8p6-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p6-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Please review the CVE identifiers referenced below for details. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8" References ========== [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2016:0063-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0063.html Issue date: 2016-01-25 CVE Names: CVE-2015-8138 ===================================================================== 1. Summary: Updated ntp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. (CVE-2015-8138) All ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1299442 - CVE-2015-8138 ntp: missing check for zero originate timestamp 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ntp-4.2.6p5-5.el6_7.4.src.rpm i386: ntp-4.2.6p5-5.el6_7.4.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm ntpdate-4.2.6p5-5.el6_7.4.i686.rpm x86_64: ntp-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm ntp-perl-4.2.6p5-5.el6_7.4.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ntp-4.2.6p5-5.el6_7.4.src.rpm x86_64: ntp-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ntp-4.2.6p5-5.el6_7.4.src.rpm i386: ntp-4.2.6p5-5.el6_7.4.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm ntpdate-4.2.6p5-5.el6_7.4.i686.rpm ppc64: ntp-4.2.6p5-5.el6_7.4.ppc64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.ppc64.rpm ntpdate-4.2.6p5-5.el6_7.4.ppc64.rpm s390x: ntp-4.2.6p5-5.el6_7.4.s390x.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.s390x.rpm ntpdate-4.2.6p5-5.el6_7.4.s390x.rpm x86_64: ntp-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm ntp-perl-4.2.6p5-5.el6_7.4.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-5.el6_7.4.ppc64.rpm ntp-perl-4.2.6p5-5.el6_7.4.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-5.el6_7.4.s390x.rpm ntp-perl-4.2.6p5-5.el6_7.4.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ntp-4.2.6p5-5.el6_7.4.src.rpm i386: ntp-4.2.6p5-5.el6_7.4.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm ntpdate-4.2.6p5-5.el6_7.4.i686.rpm x86_64: ntp-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.4.i686.rpm ntp-perl-4.2.6p5-5.el6_7.4.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.4.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.4.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.4.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-22.el7_2.1.src.rpm x86_64: ntp-4.2.6p5-22.el7_2.1.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm sntp-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ntp-4.2.6p5-22.el7_2.1.src.rpm x86_64: ntp-4.2.6p5-22.el7_2.1.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm sntp-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-22.el7_2.1.src.rpm ppc64: ntp-4.2.6p5-22.el7_2.1.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.ppc64.rpm ntpdate-4.2.6p5-22.el7_2.1.ppc64.rpm ppc64le: ntp-4.2.6p5-22.el7_2.1.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.ppc64le.rpm ntpdate-4.2.6p5-22.el7_2.1.ppc64le.rpm s390x: ntp-4.2.6p5-22.el7_2.1.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.s390x.rpm ntpdate-4.2.6p5-22.el7_2.1.s390x.rpm x86_64: ntp-4.2.6p5-22.el7_2.1.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-22.el7_2.1.ppc64.rpm sntp-4.2.6p5-22.el7_2.1.ppc64.rpm ppc64le: ntp-debuginfo-4.2.6p5-22.el7_2.1.ppc64le.rpm sntp-4.2.6p5-22.el7_2.1.ppc64le.rpm s390x: ntp-debuginfo-4.2.6p5-22.el7_2.1.s390x.rpm sntp-4.2.6p5-22.el7_2.1.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm sntp-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-22.el7_2.1.src.rpm x86_64: ntp-4.2.6p5-22.el7_2.1.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.1.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.1.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.1.x86_64.rpm sntp-4.2.6p5-22.el7_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8138 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWpijmXlSAg2UNWIIRAlKDAJ9cuPIz/2ne6I5rsDoKlg2rFxFKlQCbBhEi h+3u/C5uuGO6PsIJukpD32I= =Osu4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03766en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03766en_us Version: 1 HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-07-20 Last Updated: 2017-07-20 Potential Security Impact: Local: Denial of Service (DoS); Remote: Denial of Service (DoS), Unauthorized Modification Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. References: - CVE-2015-7973 - ntp - CVE-2015-7974 - ntp - CVE-2015-7975 - ntp - CVE-2015-7979 - ntp - CVE-2015-8138 - ntp - CVE-2015-8158 - ntp SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP ConvergedSystem 700 1.0 - HP ConvergedSystem 700 for Virtualization 1.0 - HP ConvergedSystem 700x 1.0 - HP ConvergedSystem 700x for Microsoft Solution Kit 1.0 - HP ConvergedSystem 700x for VMware Solution Kit 1.0 - HP ConvergedSystem 700x Solution Kit 1.0 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2015-7973 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) CVE-2015-7974 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N) CVE-2015-7975 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P) CVE-2015-7979 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2015-8138 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2015-8158 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE recommends upgrading your network switches to Comware v5 Version R2221P30 that are part of the HP ConvergedSystem 700 Solution as listed below: * CS700/CS700x 1.0: + HPN 5120 EI Switch (JE068A) * HPE has provided the following Customer Notice that includes links to documentation to assist you in maintaining your HPE ConvergedSystem 700 solution: + <http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-a00006123en_ s> **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 21 July 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. CVE-2016-2518 Yihan Lian discovered that an OOB memory access could potentially crash ntpd. For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1. For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1. We recommend that you upgrade your ntp packages. Corrected: 2016-01-22 15:55:21 UTC (stable/10, 10.2-STABLE) 2016-01-27 07:41:31 UTC (releng/10.2, 10.2-RELEASE-p11) 2016-01-27 07:41:31 UTC (releng/10.1, 10.1-RELEASE-p28) 2016-01-22 15:56:35 UTC (stable/9, 9.3-STABLE) 2016-01-27 07:42:11 UTC (releng/9.3, 9.3-RELEASE-p35) CVE Name: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. II. Problem Description Multiple vulnerabilities have been discovered in ntp 4.2.8p5: Potential Infinite Loop in ntpq. [CVE-2015-8138] Off-path Denial of Service (DoS) attack on authenticated broadcast mode. [CVE-2015-7979] Stack exhaustion in recursive traversal of restriction list. [CVE-2015-7978] reslist NULL pointer dereference. [CVE-2015-7977] ntpq saveconfig command allows dangerous characters in filenames. [CVE-2015-7976] nextvar() missing length check. [CVE-2015-7975] Skeleton Key: Missing key check allows impersonation between authenticated peers. [CVE-2015-7974] Deja Vu: Replay attack on authenticated broadcast mode. [CVE-2015-7973] ntpq vulnerable to replay attacks. [CVE-2015-8140] Origin Leak: ntpq and ntpdc, disclose origin. [CVE-2015-8139] III. Impact A malicious NTP server, or an attacker who can conduct MITM attack by intercepting NTP query traffic, may be able to cause a ntpq client to infinitely loop. [CVE-2015-8158] A malicious NTP server, or an attacker who can conduct MITM attack by intercepting NTP query traffic, may be able to prevent a ntpd(8) daemon to distinguish between legitimate peer responses from forgeries. This can partially be mitigated by configuring multiple time sources. [CVE-2015-8138] An off-path attacker who can send broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to broadcast clients can cause these clients to tear down associations. [CVE-2015-7979] An attacker who can send unauthenticated 'reslist' command to a NTP server may cause it to crash, resulting in a denial of service condition due to stack exhaustion [CVE-2015-7978] or a NULL pointer dereference [CVE-2015-7977]. An attacker who can send 'modify' requests to a NTP server may be able to create file that contain dangerous characters in their name, which could cause dangerous behavior in a later shell invocation. [CVE-2015-7976] A remote attacker may be able to crash a ntpq client. [CVE-2015-7975] A malicious server which holds a trusted key may be able to impersonate other trusted servers in an authenticated configuration. [CVE-2015-7974] A man-in-the-middle attacker or a malicious participant that has the same trusted keys as the victim can replay time packets if the NTP network is configured for broadcast operations. [CVE-2015-7973] The ntpq protocol is vulnerable to replay attacks which may be used to e.g. re-establish an association to malicious server. [CVE-2015-8140] An attacker who can intercept NTP traffic can easily forge live server responses. [CVE-2015-8139] IV. Workaround No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. A reboot is recommended but not required. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install The ntpd service has to be restarted after the update. A reboot is recommended but not required. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch # fetch https://security.FreeBSD.org/patches/SA-16:09/ntp.patch.asc # gpg --verify ntp.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r294570 releng/9.3/ r294905 stable/10/ r294569 releng/10.1/ r294904 releng/10.2/ r294904 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII

Trust: 3.33

sources: NVD: CVE-2015-8138 // CERT/CC: VU#718152 // JVNDB: JVNDB-2015-007359 // BID: 81811 // VULMON: CVE-2015-8138 // PACKETSTORM: 138984 // PACKETSTORM: 135914 // PACKETSTORM: 137992 // PACKETSTORM: 135358 // PACKETSTORM: 143414 // PACKETSTORM: 138052 // PACKETSTORM: 135401

AFFECTED PRODUCTS

vendor:ntpmodel:ntpscope:eqversion:4.3.25

Trust: 1.9

vendor:ntpmodel:ntpscope:eqversion:4.3.22

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.29

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.20

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.23

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.21

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.24

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.26

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.27

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.28

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.3.77

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.3.70

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.3.58

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.36

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.79

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.54

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.86

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.50

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.75

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.51

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.45

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.18

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.44

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.33

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.71

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.76

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.65

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.35

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.12

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.85

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.41

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.13

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.81

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.67

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.89

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.66

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.1

Trust: 1.0

vendor:ntpmodel:ntpscope:lteversion:4.2.8

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.60

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.84

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.59

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.39

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.43

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.16

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.15

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.53

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.47

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.57

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.83

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.80

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.10

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.8

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.17

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.55

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.52

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.82

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.64

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.3

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.68

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.69

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.2

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.19

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.7

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.42

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.74

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.72

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.4

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.5

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.46

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.88

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.63

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.78

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.87

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.40

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.14

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.11

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.62

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.48

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.61

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.56

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.30

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.34

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.49

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.31

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.32

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.38

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.6

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.37

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.73

Trust: 1.0

vendor:ntpmodel: - scope: - version: -

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.2.8p6

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.3.x

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion: -

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.3.90

Trust: 0.8

vendor:junipermodel:junos 15.1f6-s4scope: - version: -

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.3.0.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:10.2-release-p8scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:junipermodel:junos 14.2r7-s6scope:neversion: -

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.5

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 0.3

vendor:ntpmodel:4.2.8p6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8-s3scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.4.0.0

Trust: 0.3

vendor:freebsdmodel:10.1-release-p26scope: - version: -

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3400

Trust: 0.3

vendor:junipermodel:junos 15.1f3scope: - version: -

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:3210

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.3

Trust: 0.3

vendor:ntpmodel:p7-rc2scope:eqversion:4.2.4

Trust: 0.3

vendor:ciscomodel:jabber guestscope:eqversion:10.0(2)

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:freebsdmodel:10.1-release-p5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r7scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:eqversion:4.1.2

Trust: 0.3

vendor:ciscomodel:prime license managerscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.1r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r8scope:neversion: -

Trust: 0.3

vendor:ciscomodel:visual quality experience serverscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p22scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:junipermodel:junos 14.1r3-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:0

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.7

Trust: 0.3

vendor:freebsdmodel:9.3-release-p10scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p1scope: - version: -

Trust: 0.3

vendor:ciscomodel:prime infrastructure standalone plug and play gatewayscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:ntpmodel:4.2.8p3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:ciscomodel:prime access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:scosscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.1r4-s7scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p17scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s2scope:neversion: -

Trust: 0.3

vendor:ibmmodel:integrated management module ii for flex systems 1aoo74f-5.80scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s16scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.6

Trust: 0.3

vendor:freebsdmodel:10.2-release-p11scope:neversion: -

Trust: 0.3

vendor:ciscomodel:clean access managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:common services platform collectorscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.2-release-p9scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p27scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:media experience enginesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:wap371 wireless access pointscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.2

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:freebsdmodel:10.2-release-p6scope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1

Trust: 0.3

vendor:ciscomodel:mediasensescope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 17.1r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d70scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sentinelscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs directorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence isdn linkscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:physical access managerscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:oraclemodel:communications session border controllerscope:eqversion:7.2.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:enterprise content delivery systemscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:junipermodel:junos 14.2r6.5scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:freebsdmodel:10.2-release-p10scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:ciscomodel:video delivery system recorderscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:ntpmodel:ntpdscope:eqversion:4.3

Trust: 0.3

vendor:oraclemodel:communications session border controllerscope:eqversion:7.3.0

Trust: 0.3

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:integrated management module ii for flex systems 1aooscope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p186scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.22

Trust: 0.3

vendor:freebsdmodel:9.3-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p1scope: - version: -

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.1-release-p9scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:ntpmodel:4.2.5p3scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.0.00

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:neversion:2.46

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:ciscomodel:unity expressscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:neversion:2.26

Trust: 0.3

vendor:junipermodel:junos 15.1r4-s7scope:neversion: -

Trust: 0.3

vendor:ntpmodel:4.2.8p5scope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence exchange systemscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:ntpmodel:4.2.7p111scope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.4

Trust: 0.3

vendor:freebsdmodel:9.3-release-p3scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.3

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.2

Trust: 0.3

vendor:ciscomodel:hosted collaboration mediation fulfillmentscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s5scope: - version: -

Trust: 0.3

vendor:ciscomodel:intrusion prevention system solutionsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrarscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:onepk all-in-one vmscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:integrated management module ii for system 1aooscope:eqversion:x

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s7scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d35scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p25scope: - version: -

Trust: 0.3

vendor:ntpmodel:ntpscope:neversion:4.3.90

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:ciscomodel:series ip phones vpn featurescope:eqversion:8800-0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:1210

Trust: 0.3

vendor:ciscomodel:industrial routerscope:eqversion:9100

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2rscope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.3.0.33

Trust: 0.3

vendor:freebsdmodel:10.1-release-p28scope:neversion: -

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ciscomodel:video distribution suite for internet streamingscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1

Trust: 0.3

vendor:ntpmodel:4.2.7p366scope: - version: -

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:junipermodel:junos 14.2r6-s4scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope: - version: -

Trust: 0.3

vendor:ciscomodel:dcm series 9900-digital content managerscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:freebsdmodel:9.3-release-p21scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d40scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d50scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p24scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f7scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:freebsdmodel:10.1-release-p19scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:integrated management module ii for bladecenter 1aoo74f-5.80scope:neversion: -

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:neversion:9.1.8.01.00

Trust: 0.3

vendor:ntpmodel:p153scope:eqversion:4.2.5

Trust: 0.3

vendor:freebsdmodel:9.3-release-p13scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:ciscomodel:network device security assessmentscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:junipermodel:junos 14.1r6-s1scope: - version: -

Trust: 0.3

vendor:ibmmodel:integrated management module ii for bladecenter 1aooscope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:ciscomodel:asa cx and cisco prime security managerscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f4-s2scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:ciscomodel:standalone rack server cimcscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.2.0.0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p33scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.2

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s2scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d64scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:neversion:2.36

Trust: 0.3

vendor:ciscomodel:telepresence video communication serverscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 16.1r5scope:neversion: -

Trust: 0.3

vendor:ciscomodel:telepresence sx seriesscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.1-release-p25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ciscomodel:meetingplacescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:neversion:9.0.3.16.00

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ciscomodel:unified computing system e-series blade serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:junipermodel:junos 14.2r2.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f1scope: - version: -

Trust: 0.3

vendor:ntpmodel:p74scope:eqversion:4.2.5

Trust: 0.3

vendor:ciscomodel:expressway seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 0.3

vendor:ibmmodel:integrated management module ii for system 1aoo74f-5.80scope:neversion:x

Trust: 0.3

vendor:ntpmodel:4.2.8p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s5scope: - version: -

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3000

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ciscomodel:management heartbeat serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:neversion:4.1.17

Trust: 0.3

vendor:ntpmodel:p6scope:eqversion:4.2.4

Trust: 0.3

vendor:ciscomodel:connected grid routersscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence integrator c seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.2

Trust: 0.3

vendor:ntpmodel:p7scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:4.2.0.ascope: - version: -

Trust: 0.3

vendor:ciscomodel:nac serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.12

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.1.2

Trust: 0.3

vendor:ciscomodel:nac appliancescope:eqversion:0

Trust: 0.3

vendor:ntpmodel:p5scope:eqversion:4.2.4

Trust: 0.3

vendor:freebsdmodel:9.3-release-p31scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:neversion:3.2

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.3

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30.7scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.02

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.1r3-s9scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope: - version: -

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.1.0.0

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 17.2r1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:telepresence ex seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:eqversion:9.0

Trust: 0.3

vendor:ntpmodel:4.2.7p11scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.34

Trust: 0.3

vendor:junipermodel:junos 15.1f2scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:ntpmodel:p150scope:eqversion:4.2.5

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d80scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.2-stablescope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p5scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:ciscomodel:telepresence conductorscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:neversion:3.1

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:ciscomodel:content security appliance updater serversscope:eqversion:0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:ntpmodel:p8scope:eqversion:4.2.4

Trust: 0.3

vendor:freebsdmodel:10.1-release-p23scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p16scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager session management editionscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.1r9scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p6scope: - version: -

Trust: 0.3

vendor:ciscomodel:support centralscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope: - version: -

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:virtual security gateway for microsoft hyper-vscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s5scope:neversion: -

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d231scope:neversion: -

Trust: 0.3

vendor:ciscomodel:prime service catalog virtual appliancescope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:ciscomodel:access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:ciscomodel:videoscape control suitescope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p34scope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s14scope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence mx seriesscope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ucs centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence profile seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience tools serverscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:4.2.8p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:neversion:7.10.1.38.00

Trust: 0.3

vendor:ciscomodel:im and presence servicescope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p29scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:ciscomodel:cloud object storescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:eqversion:7.10

Trust: 0.3

sources: CERT/CC: VU#718152 // BID: 81811 // JVNDB: JVNDB-2015-007359 // CNNVD: CNNVD-201601-668 // NVD: CVE-2015-8138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8138
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8138
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201601-668
value: MEDIUM

Trust: 0.6

VULMON: CVE-2015-8138
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2015-8138
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2015-8138 // JVNDB: JVNDB-2015-007359 // CNNVD: CNNVD-201601-668 // NVD: CVE-2015-8138

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2015-007359 // NVD: CVE-2015-8138

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 138984 // PACKETSTORM: 135358 // CNNVD: CNNVD-201601-668

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201601-668

PATCH

title:RHSA-2016url:http://support.ntp.org/bin/view/Main/NtpBug2945

Trust: 0.8

title:NTP Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147385

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/

Trust: 0.2

title:Red Hat: CVE-2015-8138url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-8138

Trust: 0.1

title:Brocade Security Advisories: BSA-2017-257url:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=f9a3761f4e4c3763091ffa2496cb5def

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-649url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-649

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3096-1

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=e70fe4cd19746222a97e5da53d3d2b2a

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=85311fa037162a48cd67fd63f52a6478

Trust: 0.1

title:Symantec Security Advisories: SA113 : January 2016 NTP Security Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=1a84824eac476a84dbbcf797d2d35a1f

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160127-ntpd

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=8ad80411af3e936eb2998df70506cc71

Trust: 0.1

title:satellite-host-cveurl:https://github.com/RedHatSatellite/satellite-host-cve

Trust: 0.1

sources: VULMON: CVE-2015-8138 // JVNDB: JVNDB-2015-007359 // CNNVD: CNNVD-201601-668

EXTERNAL IDS

db:CERT/CCid:VU#718152

Trust: 3.6

db:NVDid:CVE-2015-8138

Trust: 3.5

db:BIDid:81811

Trust: 2.0

db:SIEMENSid:SSA-497656

Trust: 1.7

db:SIEMENSid:SSA-211752

Trust: 1.7

db:ICS CERTid:ICSA-21-103-11

Trust: 1.7

db:SECTRACKid:1034782

Trust: 1.7

db:JVNid:JVNVU95781418

Trust: 0.8

db:JVNid:JVNVU96269392

Trust: 0.8

db:JVNid:JVNVU91176422

Trust: 0.8

db:JVNDBid:JVNDB-2015-007359

Trust: 0.8

db:ICS CERTid:ICSA-21-159-11

Trust: 0.6

db:CS-HELPid:SB2021061008

Trust: 0.6

db:CNNVDid:CNNVD-201601-668

Trust: 0.6

db:JUNIPERid:JSA10776

Trust: 0.3

db:TALOSid:TALOS-2016-0077

Trust: 0.3

db:VULMONid:CVE-2015-8138

Trust: 0.1

db:PACKETSTORMid:138984

Trust: 0.1

db:PACKETSTORMid:135914

Trust: 0.1

db:PACKETSTORMid:137992

Trust: 0.1

db:PACKETSTORMid:135358

Trust: 0.1

db:PACKETSTORMid:143414

Trust: 0.1

db:PACKETSTORMid:138052

Trust: 0.1

db:PACKETSTORMid:135401

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2015-8138 // BID: 81811 // JVNDB: JVNDB-2015-007359 // PACKETSTORM: 138984 // PACKETSTORM: 135914 // PACKETSTORM: 137992 // PACKETSTORM: 135358 // PACKETSTORM: 143414 // PACKETSTORM: 138052 // PACKETSTORM: 135401 // CNNVD: CNNVD-201601-668 // NVD: CVE-2015-8138

REFERENCES

url:https://www.kb.cert.org/vuls/id/718152

Trust: 2.9

url:http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security

Trust: 2.5

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Trust: 2.3

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd

Trust: 2.0

url:https://security.gentoo.org/glsa/201607-15

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-3096-1

Trust: 1.8

url:http://www.securityfocus.com/bid/81811

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-0063.html

Trust: 1.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161123-ntpd

Trust: 1.7

url:https://bto.bluecoat.com/security-advisory/sa113

Trust: 1.7

url:http://www.securitytracker.com/id/1034782

Trust: 1.7

url:http://www.debian.org/security/2016/dsa-3629

Trust: 1.7

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160127-ntpd

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176434.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177507.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.7

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03750en_us

Trust: 1.7

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03766en_us

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171031-0001/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171004-0002/

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-16:09.ntp.asc

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Trust: 1.7

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

Trust: 1.6

url:http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit

Trust: 1.1

url:https://jvn.jp/vu/jvnvu91176422/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96269392/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95781418/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8138

Trust: 0.8

url:http://support.ntp.org/bin/view/main/ntpbug2945

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7974

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-8138

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061008

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7973

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7979

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7975

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-8158

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7978

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7977

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7976

Trust: 0.4

url:http://www.talosintel.com/reports/talos-2016-0077/

Trust: 0.3

url:http://www.ntp.org

Trust: 0.3

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.3

url:https://www.freebsd.org/security/advisories/freebsd-sa-16:09.ntp.asc

Trust: 0.3

url:isg3t1023874

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10776&cat=sirt_1&actp=list

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099470

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023874

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099425

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005821

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21979393

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21980676

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983501

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983506

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1021264

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1547

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1548

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2516

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1550

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2518

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/

Trust: 0.1

url:https://usn.ubuntu.com/3096-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4954

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4955

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8158

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5300

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7979

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7975

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7974

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5300

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7976

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7973

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7978

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7702

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7855

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7852

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7703

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7704

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7853

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7851

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8138

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03766en_us

Trust: 0.1

url:http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security.freebsd.org/advisories/freebsd-sa-16:09.ntp.asc>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7975>

Trust: 0.1

url:https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>

Trust: 0.1

url:https://security.freebsd.org/patches/sa-16:09/ntp.patch.asc

Trust: 0.1

url:https://security.freebsd.org/patches/sa-16:09/ntp.patch

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7977>

Trust: 0.1

url:http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-8138>

Trust: 0.1

url:https://security.freebsd.org/>.

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7976>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7974>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-8158>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7978>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-8140>

Trust: 0.1

url:https://www.freebsd.org/handbook/makeworld.html>.

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7973>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-8139>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?cve-2015-7979>

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2015-8138 // BID: 81811 // JVNDB: JVNDB-2015-007359 // PACKETSTORM: 138984 // PACKETSTORM: 135914 // PACKETSTORM: 137992 // PACKETSTORM: 135358 // PACKETSTORM: 143414 // PACKETSTORM: 138052 // PACKETSTORM: 135401 // CNNVD: CNNVD-201601-668 // NVD: CVE-2015-8138

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-201601-668

SOURCES

db:CERT/CCid:VU#718152
db:VULMONid:CVE-2015-8138
db:BIDid:81811
db:JVNDBid:JVNDB-2015-007359
db:PACKETSTORMid:138984
db:PACKETSTORMid:135914
db:PACKETSTORMid:137992
db:PACKETSTORMid:135358
db:PACKETSTORMid:143414
db:PACKETSTORMid:138052
db:PACKETSTORMid:135401
db:CNNVDid:CNNVD-201601-668
db:NVDid:CVE-2015-8138

LAST UPDATE DATE

2024-11-11T20:08:18.486000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#718152date:2016-04-28T00:00:00
db:VULMONid:CVE-2015-8138date:2021-06-08T00:00:00
db:BIDid:81811date:2017-05-02T01:08:00
db:JVNDBid:JVNDB-2015-007359date:2021-06-10T08:55:00
db:CNNVDid:CNNVD-201601-668date:2021-11-08T00:00:00
db:NVDid:CVE-2015-8138date:2021-11-17T22:15:45.170

SOURCES RELEASE DATE

db:CERT/CCid:VU#718152date:2016-04-27T00:00:00
db:VULMONid:CVE-2015-8138date:2017-01-30T00:00:00
db:BIDid:81811date:2016-01-20T00:00:00
db:JVNDBid:JVNDB-2015-007359date:2017-02-14T00:00:00
db:PACKETSTORMid:138984date:2016-10-05T22:33:00
db:PACKETSTORMid:135914date:2016-02-25T00:00:21
db:PACKETSTORMid:137992date:2016-07-21T15:56:23
db:PACKETSTORMid:135358date:2016-01-25T16:56:39
db:PACKETSTORMid:143414date:2017-07-20T22:22:00
db:PACKETSTORMid:138052date:2016-07-26T19:19:00
db:PACKETSTORMid:135401date:2016-01-27T17:24:36
db:CNNVDid:CNNVD-201601-668date:2016-01-29T00:00:00
db:NVDid:CVE-2015-8138date:2017-01-30T21:59:00.723