ID

VAR-201708-0039


CVE

CVE-2015-7871


TITLE

NTP  Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2015-007708

DESCRIPTION

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. NTP Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Network Time Protocol is prone to a authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. http://creativecommons.org/licenses/by-sa/2.5 . Release Date: 2016-09-21 Last Updated: 2016-09-21 Potential Security Impact: Multiple Remote Vulnerabilities Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products. References: - CVE-2015-7704 - CVE-2015-7705 - CVE-2015-7855 - CVE-2015-7871 - PSRT110228 - SSRT102943 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed. BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2015-7704 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2015-7705 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2015-7855 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2015-7871 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products. **COMWARE 7 Products** + **12500 (Comware 7) - Version: R7377** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU + **10500 (Comware 7) - Version: R7178** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit + **12900 (Comware 7) - Version: R1138P03** * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis + **5900 (Comware 7) - Version: R2422P02** * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant + **MSR1000 (Comware 7) - Version: R0305P08** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router + **MSR2000 (Comware 7) - Version: R0305P08** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router + **MSR3000 (Comware 7) - Version: R0305P08** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router + **MSR4000 (Comware 7) - Version: R0305P08** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit + **VSR (Comware 7) - Version: E0322** * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router + **7900 (Comware 7) - Version: R2138P03** * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit + **5130 (Comware 7) - Version: R3111P03** * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch + **5700 (Comware 7) - Version: R2422P02** * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch + **5930 (Comware 7) - Version: R2422P02** * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch + **HSR6600 (Comware 7) - Version: R7103P07** * HP Network Products - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router + **HSR6800 (Comware 7) - Version: R7103P07** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit + **1950 (Comware 7) - Version: R3111P03** * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch + **7500 (Comware 7) - Version: R7178** * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit + **5130HI - Version: R1118P02** * HP Network Products - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch + **5510HI - Version: R1118P02** * HP Network Products - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 21 September 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/. I. II. Problem Description Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected. If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition. [CVE-2015-7855] If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854] A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853] If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852] If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration. If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration. If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration. If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets. If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey. If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704] The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey. III. Impact An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871] An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704] An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848] An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196] IV. Workaround No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. The ntpd service has to be restarted after the update. A reboot is recommended but not required. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install The ntpd service has to be restarted after the update. A reboot is recommended but not required. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.2] # fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2 # bunzip2 ntp-102.patch.bz2 # fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc # gpg --verify ntp-102.patch.asc [FreeBSD 10.1] # fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2 # bunzip2 ntp-101.patch.bz2 # fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc # gpg --verify ntp-101.patch.asc [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2 # bunzip2 ntp-93.patch.bz2 # fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc # gpg --verify ntp-93.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # find contrib/ntp -type f -empty -delete c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html. d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE. Restart the ntpd(8) daemon, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN VII. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <57035F2D.8090108@gentoo.org> Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Resolution ========== All Xen 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5" All Xen 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9" All Xen tools 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5" All Xen tools 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9" All Xen pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"= References ========== [ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201604-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in NTP. (CVE-2015-5146) Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194) Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195) Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703) Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219) Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701) Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705) Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850) Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852) Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853) John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855) Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1 Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871 Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 . On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. CVE-2015-5194 It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. CVE-2015-5195 It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command CVE-2015-5219 It was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. CVE-2015-5300 It was found that ntpd did not correctly implement the -g option: Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. If a man-in-the-middle attacker can control the NTP traffic since ntpd was started (or maybe up to 15-30 minutes after that), they can prevent the client from reaching the sync state and force it to step its clock by any amount any number of times, which can be used by attackers to expire certificates, etc. This is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow. CVE-2015-7701 A memory leak flaw was found in ntpd's CRYPTO_ASSOC. CVE-2015-7703 Miroslav Lichvar of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example: ntpq -c ':config pidfile /tmp/ntp.pid' ntpq -c ':config driftfile /tmp/ntp.drift' In Debian ntpd is configured to drop root privileges, which limits the impact of this issue. CVE-2015-7704 If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. An off-path attacker can send a crafted KoD packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server. A specially crafted configuration file could cause an endless loop resulting in a denial of service. CVE-2015-7852 A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. CVE-2015-7871 An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto-NAK packets to ntpd. For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6. For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3. For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3. We recommend that you upgrade your ntp packages. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 2.7

sources: NVD: CVE-2015-7871 // JVNDB: JVNDB-2015-007708 // BID: 77287 // VULMON: CVE-2015-7871 // PACKETSTORM: 137992 // PACKETSTORM: 138803 // PACKETSTORM: 134082 // PACKETSTORM: 136587 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // PACKETSTORM: 134162 // PACKETSTORM: 134137

AFFECTED PRODUCTS

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 1.3

vendor:netappmodel:oncommand unified managerscope:eqversion: -

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.2.8

Trust: 1.0

vendor:ntpmodel:ntpscope:gteversion:4.2.6

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.3.77

Trust: 1.0

vendor:netappmodel:data ontapscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:oncommand balancescope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand performance managerscope:eqversion: -

Trust: 1.0

vendor:ntpmodel:ntpscope:gteversion:4.3.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.5

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.70

Trust: 0.9

vendor:ntpmodel:ntpscope:eqversion: -

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.2.8p4 less than 4.2.x

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.3.77 less than 4.3.x

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.3.67

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.74

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.68

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.69

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.72

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.73

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.75

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.76

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.71

Trust: 0.6

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:2.6.3

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:2.6.2

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:2.0

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:1.16

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:1.14.5

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:1.0

Trust: 0.3

vendor:rockwellmodel:automation stratixscope:eqversion:59000

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.25

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.6

Trust: 0.3

vendor:ntpmodel:4.2.8p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p2scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p366scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p111scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p11scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p186scope: - version: -

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:eqversion:7.10

Trust: 0.3

vendor:ibmmodel:ib6131 gb infiniband switchscope:eqversion:83.4

Trust: 0.3

vendor:ibmmodel:ib6131 gb infiniband switchscope:eqversion:83.2

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.0.00

Trust: 0.3

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:eqversion:3.4

Trust: 0.3

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:vsr1008 comware virtual services routerscope:eqversion:70

Trust: 0.3

vendor:hpmodel:vsr1004 comware virtual services routerscope:eqversion:70

Trust: 0.3

vendor:hpmodel:vsr1001 virtual services router day evaluation softwarescope:eqversion:600

Trust: 0.3

vendor:hpmodel:vsr1001 comware virtual services routerscope:eqversion:70

Trust: 0.3

vendor:hpmodel:msr4080 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4060 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4000 taa-compliant mpu-100 main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4000 mpu-100 main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3064 routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3044 routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3024 taa-compliant ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3024 poe routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3024 dc routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3024 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3012 dc routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr3012 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr2004-48 routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr2004-24 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr2003 taa-compliant ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr2003 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr1003-8s ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr1002-4 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6808 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6804 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6802 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6800 rse-x3 router main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6800 rse-x2 router taa-compliant main processingscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6800 rse-x2 router main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6602-xg taa-compliant routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6602-xg routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6602-g taa-compliant routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6602-g routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant switch chassisscope:eqversion:79100

Trust: 0.3

vendor:hpmodel:flexfabric switch chassisscope:eqversion:79100

Trust: 0.3

vendor:hpmodel:flexfabric 7.2tbps taa-compliant fabric/main processing uniscope:eqversion:79100

Trust: 0.3

vendor:hpmodel:flexfabric 7.2tbps fabric main processing unitscope:eqversion:7910/0

Trust: 0.3

vendor:hpmodel:flexfabric 2.4tbps taa-compliant fabric/main processing uniscope:eqversion:79100

Trust: 0.3

vendor:hpmodel:flexfabric 2.4tbps fabric main processing unitscope:eqversion:7910/0

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant switch chassisscope:eqversion:79040

Trust: 0.3

vendor:hpmodel:flexfabric switch chassisscope:eqversion:79040

Trust: 0.3

vendor:hpmodel:flexfabric 4-slot taa-compliant switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:flexfabric 4-slot switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:flexfabric 32qsfp+ taa-compliant switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:flexfabric 32qsfp+ switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:flexfabric 2qsfp+ 2-slot taa-compliant switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:flexfabric 2qsfp+ 2-slot switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:flexfabric 5900cp 48xg 4qsfp+ taa-compliantscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-48g-4xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-40xg-2qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-40xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-32xgt-8xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 12916e switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric switch ac chassisscope:eqversion:129160

Trust: 0.3

vendor:hpmodel:flexfabric main processing unitscope:eqversion:129160

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant switch ac chassisscope:eqversion:129100

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant main processing unitscope:eqversion:129100

Trust: 0.3

vendor:hpmodel:flexfabric switch ac chassisscope:eqversion:129100

Trust: 0.3

vendor:hpmodel:flexfabric main processing unitscope:eqversion:129100

Trust: 0.3

vendor:hpmodel:flexfabric 12908e switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 12904e switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 12904e main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 12900e main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric switch chassisscope:eqversion:11908-v0

Trust: 0.3

vendor:hpmodel:flexfabric main processing unitscope:eqversion:119000

Trust: 0.3

vendor:hpmodel:ff 5900cp-48xg-4qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12518e dc switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12518e ac switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12508e dc switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12508e ac switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12500e mpuscope:eqversion:0

Trust: 0.3

vendor:hpmodel:a12518 switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:a12508 switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75100

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75060

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75030

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75020

Trust: 0.3

vendor:hpmodel:main processing unitscope:eqversion:75020

Trust: 0.3

vendor:hpmodel:5920af-24xg taa switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5920af-24xg switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af-48xgt-4qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af-48xg-4qsfp+ taa switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af-48xg-4qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af-48g-4xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af 48xgt 4qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af 48g 4xg 2qsfp+ taa-compliantscope:eqversion:0

Trust: 0.3

vendor:hpmodel:48g poe+ 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:hpmodel:48g 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:hpmodel:24g sfp 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:hpmodel:24g poe+ 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:hpmodel:24g 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:hpmodel:5130-48g-poe+-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-poe+-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-poe+-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-sfp-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-poe+-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-poe+-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-poe+-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:48g poe+ 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:hpmodel:48g 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:hpmodel:24g poe+ 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:hpmodel:24g 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:hpmodel:1950-48g-2sfp+-2xgt-poe+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:1950-48g-2sfp+-2xgt switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:1950-24g-4xg switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:1950-24g-2sfp+-2xgt-poe+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:125180

Trust: 0.3

vendor:hpmodel:dc switch chassisscope:eqversion:125180

Trust: 0.3

vendor:hpmodel:ac switch chassisscope:eqversion:125180

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:125080

Trust: 0.3

vendor:hpmodel:dc switch chassisscope:eqversion:125080

Trust: 0.3

vendor:hpmodel:ac switch chassisscope:eqversion:125080

Trust: 0.3

vendor:hpmodel:dc switch chassisscope:eqversion:125040

Trust: 0.3

vendor:hpmodel:ac switch chassisscope:eqversion:125040

Trust: 0.3

vendor:hpmodel:mpu w/comware osscope:eqversion:12500v70

Trust: 0.3

vendor:hpmodel:main processing unitscope:eqversion:125000

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:105120

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:105120

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:10508-v0

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:10508-v0

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:105080

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:105080

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:105040

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:105040

Trust: 0.3

vendor:hpmodel:type d taa-compliant with comware os main processing unscope:eqversion:10500v70

Trust: 0.3

vendor:hpmodel:type d main processing unit with comware osscope:eqversion:10500v70

Trust: 0.3

vendor:hpmodel:type a mpu w/comware osscope:eqversion:10500v70

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p9scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p6scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p25scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p24scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p22scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p21scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p13scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p10scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-rc3-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-rc2-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-rc2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-rc1-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-rcscope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-prereleasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-beta3-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-beta1-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-beta1-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-beta1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.3

Trust: 0.3

vendor:freebsdmodel:10.2-rc2-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.2-rc1-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.2-rc1-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.2-prereleasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.2-beta2-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.2-beta2-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.2

Trust: 0.3

vendor:freebsdmodel:10.1-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p9scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p6scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p19scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p17scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p16scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-releasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-rc4-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-rc3-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-rc2-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-rc2-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-rc1-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-prereleasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-beta3-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-beta1-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.1

Trust: 0.3

vendor:extremenetworksmodel:summit wm3000 seriesscope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:purview appliancescope:eqversion:6.3

Trust: 0.3

vendor:extremenetworksmodel:purview appliancescope:eqversion:6.0

Trust: 0.3

vendor:extremenetworksmodel:netsight appliancescope:eqversion:6.3

Trust: 0.3

vendor:extremenetworksmodel:netsight appliancescope:eqversion:6.0

Trust: 0.3

vendor:extremenetworksmodel:nac appliancescope:eqversion:6.3

Trust: 0.3

vendor:extremenetworksmodel:nac appliancescope:eqversion:6.0

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:16.1.2

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7.4

Trust: 0.3

vendor:extremenetworksmodel:extremexos patchscope:eqversion:15.7.38

Trust: 0.3

vendor:extremenetworksmodel:extremexos patchscope:eqversion:15.7.31

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7.2

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.6.4

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:16.1

Trust: 0.3

vendor:extremenetworksmodel:extremexos 15.4.1.3-patch1-10scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.4.1.0

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:neversion:2.9.0

Trust: 0.3

vendor:rockwellmodel:automation stratixscope:neversion:590015.6.3

Trust: 0.3

vendor:ntpmodel:ntpscope:neversion:4.3.77

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope:neversion: -

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:neversion:9.0.3.14.0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:neversion:7.10.1.37.00

Trust: 0.3

vendor:ibmmodel:ib6131 gb infiniband switchscope:neversion:83.5.1000

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:neversion:9.1.7.03.00

Trust: 0.3

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:neversion:3.5.1000

Trust: 0.3

vendor:freebsdmodel:9.3-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p29scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.2-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.2-release-p6scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p23scope:neversion: -

Trust: 0.3

vendor:extremenetworksmodel:purview appliancescope:neversion:6.4

Trust: 0.3

vendor:extremenetworksmodel:netsight appliancescope:neversion:6.4

Trust: 0.3

vendor:extremenetworksmodel:nac appliancescope:neversion:6.4

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:neversion:21.1

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:neversion:16.2

Trust: 0.3

sources: BID: 77287 // JVNDB: JVNDB-2015-007708 // CNNVD: CNNVD-201510-574 // NVD: CVE-2015-7871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7871
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-7871
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201510-574
value: CRITICAL

Trust: 0.6

VULMON: CVE-2015-7871
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7871
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2015-7871
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2015-7871
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2015-7871 // JVNDB: JVNDB-2015-007708 // CNNVD: CNNVD-201510-574 // NVD: CVE-2015-7871

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2015-007708 // NVD: CVE-2015-7871

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 134102 // PACKETSTORM: 134034 // CNNVD: CNNVD-201510-574

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201510-574

PATCH

title:Bug 1274265url:http://support.ntp.org/bin/view/Main/NtpBug2941

Trust: 0.8

title:NTP Fixes for authentication bypassing vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119786

Trust: 0.6

title:Red Hat: CVE-2015-7871url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7871

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-607url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-607

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2783-1

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=e70fe4cd19746222a97e5da53d3d2b2a

Trust: 0.1

title:Debian Security Advisories: DSA-3388-1 ntp -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=61fe4252a877d02aaea1c931efa0a305

Trust: 0.1

title:Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=f5e05389a60d3a56f2a0ad0ec21579d9

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151021-ntp

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

sources: VULMON: CVE-2015-7871 // JVNDB: JVNDB-2015-007708 // CNNVD: CNNVD-201510-574

EXTERNAL IDS

db:NVDid:CVE-2015-7871

Trust: 3.6

db:BIDid:77287

Trust: 2.0

db:SECTRACKid:1033951

Trust: 1.7

db:SIEMENSid:SSA-497656

Trust: 1.7

db:JVNid:JVNVU96269392

Trust: 0.8

db:JVNDBid:JVNDB-2015-007708

Trust: 0.8

db:ICS CERTid:ICSA-21-103-11

Trust: 0.6

db:CNNVDid:CNNVD-201510-574

Trust: 0.6

db:JUNIPERid:JSA10711

Trust: 0.3

db:ICS CERTid:ICSA-17-094-04

Trust: 0.3

db:TALOSid:TALOS-2015-0069

Trust: 0.3

db:ICS CERTid:ICSA-15-356-01

Trust: 0.1

db:VULMONid:CVE-2015-7871

Trust: 0.1

db:PACKETSTORMid:137992

Trust: 0.1

db:PACKETSTORMid:138803

Trust: 0.1

db:PACKETSTORMid:134082

Trust: 0.1

db:PACKETSTORMid:136587

Trust: 0.1

db:PACKETSTORMid:134102

Trust: 0.1

db:PACKETSTORMid:134034

Trust: 0.1

db:PACKETSTORMid:134162

Trust: 0.1

db:PACKETSTORMid:134137

Trust: 0.1

sources: VULMON: CVE-2015-7871 // BID: 77287 // JVNDB: JVNDB-2015-007708 // PACKETSTORM: 137992 // PACKETSTORM: 138803 // PACKETSTORM: 134082 // PACKETSTORM: 136587 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // PACKETSTORM: 134162 // PACKETSTORM: 134137 // CNNVD: CNNVD-201510-574 // NVD: CVE-2015-7871

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1274265

Trust: 2.0

url:http://www.securityfocus.com/bid/77287

Trust: 1.8

url:https://security.gentoo.org/glsa/201607-15

Trust: 1.8

url:https://security.gentoo.org/glsa/201604-03

Trust: 1.8

url:http://support.ntp.org/bin/view/main/ntpbug2941

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839

Trust: 1.7

url:http://www.securitytracker.com/id/1033951

Trust: 1.7

url:http://www.debian.org/security/2015/dsa-3388

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171004-0001/

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-7871

Trust: 1.5

url:https://jvn.jp/vu/jvnvu96269392/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7855

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-7704

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-7702

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7852

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7701

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7850

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7705

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7703

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7691

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7853

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7692

Trust: 0.5

url:http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities

Trust: 0.4

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp

Trust: 0.4

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7848

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7849

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7854

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7851

Trust: 0.4

url:https://github.com/ntp-project/ntp/blob/stable/news#l295

Trust: 0.3

url:http://www.ntp.org/

Trust: 0.3

url:http://talosintel.com/reports/talos-2015-0069/

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10711

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-04

Trust: 0.3

url:http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf

Trust: 0.3

url:http://seclists.org/bugtraq/2015/oct/113

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225

Trust: 0.3

url:https://security.gentoo.org/

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871

Trust: 0.2

url:https://bugs.gentoo.org.

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5219

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5300

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5194

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5146

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5195

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9750

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7871

Trust: 0.1

url:https://ics-cert.us-cert.gov/advisories/icsa-15-356-01

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2015-607.html

Trust: 0.1

url:https://usn.ubuntu.com/2783-1/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7978

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7979

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8138

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7974

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7977

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7975

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7976

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc

Trust: 0.1

url:https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc

Trust: 0.1

url:https://www.freebsd.org/handbook/makeworld.html.

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc

Trust: 0.1

url:https://security.freebsd.org/.

Trust: 0.1

url:https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4103

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6036

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3456

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4536

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3495

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4106

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3259

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4411

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4538

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6035

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3494

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6032

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3515

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6030

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3497

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4104

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2151

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6033

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4105

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4539

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3340

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3209

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3496

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2783-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2

Trust: 0.1

url:http://www.cs.bu.edu/~goldbe/ntpattack.html

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:http://talosintel.com/vulnerability-reports/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9751

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3405

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

sources: VULMON: CVE-2015-7871 // BID: 77287 // JVNDB: JVNDB-2015-007708 // PACKETSTORM: 137992 // PACKETSTORM: 138803 // PACKETSTORM: 134082 // PACKETSTORM: 136587 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // PACKETSTORM: 134162 // PACKETSTORM: 134137 // CNNVD: CNNVD-201510-574 // NVD: CVE-2015-7871

CREDITS

Stephen Gray &amp;amp;lt;stepgray@cisco.com&amp;amp;gt;.

Trust: 0.3

sources: BID: 77287

SOURCES

db:VULMONid:CVE-2015-7871
db:BIDid:77287
db:JVNDBid:JVNDB-2015-007708
db:PACKETSTORMid:137992
db:PACKETSTORMid:138803
db:PACKETSTORMid:134082
db:PACKETSTORMid:136587
db:PACKETSTORMid:134102
db:PACKETSTORMid:134034
db:PACKETSTORMid:134162
db:PACKETSTORMid:134137
db:CNNVDid:CNNVD-201510-574
db:NVDid:CVE-2015-7871

LAST UPDATE DATE

2024-11-11T22:53:13.545000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2015-7871date:2021-04-13T00:00:00
db:BIDid:77287date:2017-05-23T16:24:00
db:JVNDBid:JVNDB-2015-007708date:2021-04-16T09:06:00
db:CNNVDid:CNNVD-201510-574date:2021-04-14T00:00:00
db:NVDid:CVE-2015-7871date:2021-04-13T12:15:15.273

SOURCES RELEASE DATE

db:VULMONid:CVE-2015-7871date:2017-08-07T00:00:00
db:BIDid:77287date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-007708date:2017-09-06T00:00:00
db:PACKETSTORMid:137992date:2016-07-21T15:56:23
db:PACKETSTORMid:138803date:2016-09-21T17:24:00
db:PACKETSTORMid:134082date:2015-10-26T19:32:22
db:PACKETSTORMid:136587date:2016-04-06T13:30:13
db:PACKETSTORMid:134102date:2015-10-27T23:30:50
db:PACKETSTORMid:134034date:2015-10-21T19:22:22
db:PACKETSTORMid:134162date:2015-11-02T16:48:39
db:PACKETSTORMid:134137date:2015-10-30T23:22:57
db:CNNVDid:CNNVD-201510-574date:2015-10-27T00:00:00
db:NVDid:CVE-2015-7871date:2017-08-07T20:29:00.997