ID

VAR-201708-1547


CVE

CVE-2015-7704


TITLE

NTP.org ntpd contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#718152

DESCRIPTION

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SSH' protocol. The 'SSH' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2 NOTE: This BID is being retired as it is a duplicate of BID 75990 (OpenSSH Login Handling Security Bypass Weakness). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2015:1930-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1930.html Issue date: 2015-10-26 CVE Names: CVE-2015-5300 CVE-2015-7704 ===================================================================== 1. Summary: Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704) It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value. (CVE-2015-5300) Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg of Boston University for reporting these issues. All ntp users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet 1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm ppc64: ntp-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm s390x: ntp-4.2.6p5-5.el6_7.2.s390x.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntpdate-4.2.6p5-5.el6_7.2.s390x.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm ppc64: ntp-4.2.6p5-19.el7_1.3.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm ntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm s390x: ntp-4.2.6p5-19.el7_1.3.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm ntpdate-4.2.6p5-19.el7_1.3.s390x.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-19.ael7b_1.3.src.rpm ppc64le: ntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm sntp-4.2.6p5-19.el7_1.3.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm sntp-4.2.6p5-19.el7_1.3.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm ntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm ppc64le: ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm sntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5300 https://access.redhat.com/security/cve/CVE-2015-7704 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWLpsKXlSAg2UNWIIRAvn5AJ0YbKe9DZYq3JmTarVuEvM3l3fC3gCgmwd8 D1msx7GTmRIz9oZ3uE0m6Io= =mPYp -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Release Date: 2016-09-21 Last Updated: 2016-09-21 Potential Security Impact: Multiple Remote Vulnerabilities Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products. References: - CVE-2015-7704 - CVE-2015-7705 - CVE-2015-7855 - CVE-2015-7871 - PSRT110228 - SSRT102943 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed. BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2015-7704 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2015-7705 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2015-7855 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2015-7871 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products. **COMWARE 7 Products** + **12500 (Comware 7) - Version: R7377** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU + **10500 (Comware 7) - Version: R7178** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit + **12900 (Comware 7) - Version: R1138P03** * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis + **5900 (Comware 7) - Version: R2422P02** * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant + **MSR1000 (Comware 7) - Version: R0305P08** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router + **MSR2000 (Comware 7) - Version: R0305P08** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router + **MSR3000 (Comware 7) - Version: R0305P08** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router + **MSR4000 (Comware 7) - Version: R0305P08** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit + **VSR (Comware 7) - Version: E0322** * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router + **7900 (Comware 7) - Version: R2138P03** * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit + **5130 (Comware 7) - Version: R3111P03** * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch + **5700 (Comware 7) - Version: R2422P02** * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch + **5930 (Comware 7) - Version: R2422P02** * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch + **HSR6600 (Comware 7) - Version: R7103P07** * HP Network Products - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router + **HSR6800 (Comware 7) - Version: R7103P07** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit + **1950 (Comware 7) - Version: R3111P03** * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch + **7500 (Comware 7) - Version: R7178** * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit + **5130HI - Version: R1118P02** * HP Network Products - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch + **5510HI - Version: R1118P02** * HP Network Products - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 21 September 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 6.6) - i386, noarch, ppc64, s390x, x86_64 3. ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in NTP. (CVE-2015-5146) Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194) Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195) Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. A remote attacker could possibly use this issue to alter the system time on clients. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) It was discovered that NTP incorrectly handled memory when processing certain autokey messages. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705) Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850) Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852) Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853) John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855) Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. A remote attacker could use this issue to possibly bypass authentication and alter the system clock. (CVE-2015-7871) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1 Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6 In general, a standard system update will make all the necessary changes. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. An attacker could use a specially crafted package to cause ntpd to crash if: * ntpd enabled remote configuration * The attacker had the knowledge of the configuration password * The attacker had access to a computer entrusted to perform remote configuration Note that remote configuration is disabled by default in NTP. CVE-2015-5194 It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. CVE-2015-5195 It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command CVE-2015-5219 It was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. This is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow. CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. CVE-2015-7701 A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. CVE-2015-7703 Miroslav Lichvar of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example: ntpq -c ':config pidfile /tmp/ntp.pid' ntpq -c ':config driftfile /tmp/ntp.drift' In Debian ntpd is configured to drop root privileges, which limits the impact of this issue. CVE-2015-7704 If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability. CVE-2015-7852 A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. CVE-2015-7855 It was found that NTP's decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd. CVE-2015-7871 An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time. For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6. For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3. For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3. We recommend that you upgrade your ntp packages. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 3.69

sources: NVD: CVE-2015-7704 // CERT/CC: VU#718152 // JVNDB: JVNDB-2015-007700 // BID: 77280 // BID: 92012 // VULMON: CVE-2015-7704 // PACKETSTORM: 134093 // PACKETSTORM: 138803 // PACKETSTORM: 136864 // PACKETSTORM: 134542 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // PACKETSTORM: 134162 // PACKETSTORM: 134137

AFFECTED PRODUCTS

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 1.3

vendor:citrixmodel:xenserverscope:eqversion:6.0.2

Trust: 1.3

vendor:citrixmodel:xenserverscope:eqversion:7.0

Trust: 1.3

vendor:citrixmodel:xenserverscope:eqversion:6.5

Trust: 1.3

vendor:ntpmodel:ntpscope:eqversion:4.3.77

Trust: 1.1

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.3.77

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.7

Trust: 1.0

vendor:ntpmodel:ntpscope:gteversion:4.3.0

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:ltversion:10.4.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:oncommand unified managerscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.5

Trust: 1.0

vendor:ntpmodel:ntpscope:gteversion:4.2.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.2.8

Trust: 1.0

vendor:netappmodel:data ontapscope:eqversion: -

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:ltversion:11.2.0

Trust: 1.0

vendor:citrixmodel:xenserverscope:eqversion:6.2.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:mcafeemodel:enterprise security managerscope:gteversion:11.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.7

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:netappmodel:oncommand performance managerscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.3.70

Trust: 0.9

vendor:ntpmodel: - scope: - version: -

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.3.x

Trust: 0.8

vendor:ntpmodel:ntpscope:eqversion:4.2.8p4

Trust: 0.8

vendor:ntpmodel:ntpscope:ltversion:4.x

Trust: 0.8

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.0

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.28

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:neversion:7.5.2.9

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.9.

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.4

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:neversion:7.6.2.1

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.9

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.8

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.2.1

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.0

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.1.5.1

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.10

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.2

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.2.0.9

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.6

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.1.5.2

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.1

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.13

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.0.0

Trust: 0.6

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.2

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.67

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.74

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.68

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.69

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.72

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.73

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.75

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.76

Trust: 0.6

vendor:ntpmodel:ntpscope:eqversion:4.3.71

Trust: 0.6

vendor:hpmodel:taa switch chassisscope:eqversion:10508-v0

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:105080

Trust: 0.3

vendor:freebsdmodel:10.2-rc1-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.3.0.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:105080

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:neversion:9.0.3.14.0

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:neversion:21.1

Trust: 0.3

vendor:hpmodel:flexfabric 7.2tbps taa-compliant fabric/main processing uniscope:eqversion:79100

Trust: 0.3

vendor:hpmodel:flexfabric 2qsfp+ 2-slot switchscope:eqversion:59300

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.5

Trust: 0.3

vendor:hpmodel:1950-24g-2sfp+-2xgt-poe+ switchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 0.3

vendor:hpmodel:hsr6800 rse-x3 router main processing unitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:24g 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.4.0.0

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3400

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:3210

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.3

Trust: 0.3

vendor:hpmodel:48g 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7.4

Trust: 0.3

vendor:ciscomodel:jabber guestscope:eqversion:10.0(2)

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:freebsdmodel:10.1-release-p5scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:hpmodel:5130-24g-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:eqversion:4.1.2

Trust: 0.3

vendor:ciscomodel:prime license managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience serverscope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p22scope: - version: -

Trust: 0.3

vendor:hpmodel:ff 12508e dc switch chassisscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.1-rc1-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:hpmodel:5130-48g-poe+-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6602-xg taa-compliant routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 12904e switch chassisscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p10scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p1scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:extremexos patchscope:eqversion:15.7.38

Trust: 0.3

vendor:hpmodel:1950-48g-2sfp+-2xgt switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:mpu w/comware osscope:eqversion:12500v70

Trust: 0.3

vendor:ciscomodel:prime infrastructure standalone plug and play gatewayscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12518e dc switch chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-poe+-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:neversion:7.10.1.37.00

Trust: 0.3

vendor:hpmodel:dc switch chassisscope:eqversion:125040

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:1.0

Trust: 0.3

vendor:hpmodel:flexfabric 2.4tbps fabric main processing unitscope:eqversion:7910/0

Trust: 0.3

vendor:ntpmodel:4.2.8p3scope: - version: -

Trust: 0.3

vendor:ciscomodel:prime access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:scosscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant switch chassisscope:eqversion:79100

Trust: 0.3

vendor:freebsdmodel:10.1-release-p17scope: - version: -

Trust: 0.3

vendor:hpmodel:msr2003 taa-compliant ac routerscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.1-relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.6

Trust: 0.3

vendor:hpmodel:main processing unitscope:eqversion:125000

Trust: 0.3

vendor:hpmodel:msr2004-48 routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af-48xg-4qsfp+ taa switchscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:clean access managerscope:eqversion:0

Trust: 0.3

vendor:citrixmodel:xenserver common criteriascope:eqversion:6.0.2

Trust: 0.3

vendor:ciscomodel:common services platform collectorscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ac switch chassisscope:eqversion:125080

Trust: 0.3

vendor:freebsdmodel:9.3-beta3-p2scope: - version: -

Trust: 0.3

vendor:ciscomodel:media experience enginesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:wap371 wireless access pointscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.2

Trust: 0.3

vendor:hpmodel:flexfabric 12916e switch chassisscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:hpmodel:flexfabric 5700-48g-4xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.1-rc2-p3scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux server eus 6.7.zscope: - version: -

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1

Trust: 0.3

vendor:freebsdmodel:10.1-release-p23scope:neversion: -

Trust: 0.3

vendor:citrixmodel:xenserver sp1scope:eqversion:6.2.0

Trust: 0.3

vendor:ciscomodel:mediasensescope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 7.2tbps fabric main processing unitscope:eqversion:7910/0

Trust: 0.3

vendor:hpmodel:hsr6808 router chassisscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:hpmodel:hsr6800 rse-x2 router taa-compliant main processingscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr1003-8s ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-sfp-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 12900e main processing unitscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sentinelscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs directorscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4060 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:ff 12500e mpuscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:1.14.5

Trust: 0.3

vendor:ciscomodel:telepresence isdn linkscope:eqversion:0

Trust: 0.3

vendor:hpmodel:1950-24g-4xg switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:48g poe+ 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:ciscomodel:physical access managerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 32qsfp+ switchscope:eqversion:59300

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:hpmodel:ac switch chassisscope:eqversion:125180

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:hpmodel:5130-48g-poe+-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4000 mpu-100 main processing unitscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:communications session border controllerscope:eqversion:7.2.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:enterprise content delivery systemscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:hpmodel:vsr1001 comware virtual services routerscope:eqversion:70

Trust: 0.3

vendor:freebsdmodel:9.3-rcscope: - version: -

Trust: 0.3

vendor:hpmodel:flexfabric 12904e main processing unitscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:freebsdmodel:9.3-beta1scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:hpmodel:5130-24g-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.2-rc2-p1scope: - version: -

Trust: 0.3

vendor:hpmodel:ff 12508e ac switch chassisscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:freebsdmodel:10.1-rc2-p1scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7

Trust: 0.3

vendor:ciscomodel:video delivery system recorderscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4080 router chassisscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:freebsdmodel:10.1-releasescope: - version: -

Trust: 0.3

vendor:oraclemodel:communications session border controllerscope:eqversion:7.3.0

Trust: 0.3

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5

Trust: 0.3

vendor:hpmodel:msr3044 routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-4sfp+ ei brazil switchscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:4.2.5p186scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.22

Trust: 0.3

vendor:freebsdmodel:9.3-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p1scope: - version: -

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:hpmodel:msr3064 routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:48g poe+ 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:freebsdmodel:10.1-release-p9scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:netsight appliancescope:eqversion:6.0

Trust: 0.3

vendor:ntpmodel:4.2.5p3scope: - version: -

Trust: 0.3

vendor:hpmodel:msr2004-24 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 32qsfp+ taa-compliant switchscope:eqversion:59300

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:rockwellmodel:automation stratixscope:neversion:590015.6.3

Trust: 0.3

vendor:freebsdmodel:9.3-rc2-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.0.00

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:neversion:2.46

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:ciscomodel:unity expressscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:neversion:2.26

Trust: 0.3

vendor:freebsdmodel:10.2-rc1-p1scope: - version: -

Trust: 0.3

vendor:hpmodel:flexfabric 2qsfp+ 2-slot taa-compliant switchscope:eqversion:59300

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75030

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75060

Trust: 0.3

vendor:ntpmodel:4.2.8p5scope: - version: -

Trust: 0.3

vendor:hpmodel:hsr6602-g taa-compliant routerscope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:netsight appliancescope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:telepresence exchange systemscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-poe+-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:hpmodel:flexfabric main processing unitscope:eqversion:119000

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.4

Trust: 0.3

vendor:freebsdmodel:10.1-beta1-p1scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation stratixscope:eqversion:59000

Trust: 0.3

vendor:freebsdmodel:9.3-release-p3scope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:hpmodel:5130-24g-poe+-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.3

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75020

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.2

Trust: 0.3

vendor:hpmodel:msr3024 taa-compliant ac routerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:hosted collaboration mediation fulfillmentscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:hpmodel:5900af 48g 4xg 2qsfp+ taa-compliantscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric switch ac chassisscope:eqversion:129160

Trust: 0.3

vendor:freebsdmodel:10.1-stablescope: - version: -

Trust: 0.3

vendor:hpmodel:type a mpu w/comware osscope:eqversion:10500v70

Trust: 0.3

vendor:hpmodel:dc switch chassisscope:eqversion:125080

Trust: 0.3

vendor:hpmodel:5900af-48xgt-4qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:intrusion prevention system solutionsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrarscope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:onepk all-in-one vmscope:eqversion:0

Trust: 0.3

vendor:citrixmodel:xenserver sp1scope:eqversion:6.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:hpmodel:msr3024 dc routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric switch ac chassisscope:eqversion:129100

Trust: 0.3

vendor:freebsdmodel:9.3-beta1-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p25scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:summit wm3000 seriesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6800 rse-x2 router main processing unitscope:eqversion:0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:ciscomodel:series ip phones vpn featurescope:eqversion:8800-0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:1210

Trust: 0.3

vendor:hpmodel:msr3012 dc routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-poe+-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial routerscope:eqversion:9100

Trust: 0.3

vendor:freebsdmodel:10.2-beta2-p2scope: - version: -

Trust: 0.3

vendor:hpmodel:vsr1008 comware virtual services routerscope:eqversion:70

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.3.0.33

Trust: 0.3

vendor:hpmodel:type d taa-compliant with comware os main processing unscope:eqversion:10500v70

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ciscomodel:video distribution suite for internet streamingscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:ntpmodel:4.2.8p7scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant switch chassisscope:eqversion:79040

Trust: 0.3

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1

Trust: 0.3

vendor:hpmodel:vsr1004 comware virtual services routerscope:eqversion:70

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:hpmodel:24g poe+ 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:neversion:2.9.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-beta3-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:extremenetworksmodel:netsight appliancescope:neversion:6.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:ciscomodel:dcm series 9900-digital content managerscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.3

Trust: 0.3

vendor:hpmodel:flexfabric switch chassisscope:eqversion:79100

Trust: 0.3

vendor:freebsdmodel:10.1-rc3-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:hpmodel:dc switch chassisscope:eqversion:125180

Trust: 0.3

vendor:hpmodel:hsr6802 router chassisscope:eqversion:0

Trust: 0.3

vendor:hpmodel:hsr6602-xg routerscope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:75100

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:hpmodel:flexfabric 5700-32xgt-8xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-prereleasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p21scope: - version: -

Trust: 0.3

vendor:hpmodel:flexfabric 4-slot taa-compliant switchscope:eqversion:59300

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:freebsdmodel:9.3-release-p24scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:neversion:16.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:freebsdmodel:10.1-release-p19scope: - version: -

Trust: 0.3

vendor:hpmodel:hsr6804 router chassisscope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.4.1.0

Trust: 0.3

vendor:hpmodel:ac switch chassisscope:eqversion:125040

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:2.6.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:5900af-48g-4xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p13scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-prereleasescope: - version: -

Trust: 0.3

vendor:hpmodel:msr3024 ac routerscope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:purview appliancescope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:hpmodel:ff 5900cp-48xg-4qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:network device security assessmentscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:hpmodel:24g 4sfp+ 1-slot hi switchscope:eqversion:51300

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:ciscomodel:asa cx and cisco prime security managerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5920af-24xg switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 4-slot switchscope:eqversion:59300

Trust: 0.3

vendor:extremenetworksmodel:nac appliancescope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-40xg-2qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr2003 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr4000 taa-compliant mpu-100 main processing unitscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:1.16

Trust: 0.3

vendor:freebsdmodel:9.3-release-p29scope:neversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:ciscomodel:standalone rack server cimcscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.2.0.0

Trust: 0.3

vendor:hpmodel:flexfabric main processing unitscope:eqversion:129160

Trust: 0.3

vendor:freebsdmodel:9.3-rc2scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:purview appliancescope:eqversion:6.3

Trust: 0.3

vendor:freebsdmodel:9.3-rc3-p1scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.2

Trust: 0.3

vendor:hpmodel:flexfabric main processing unitscope:eqversion:129100

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:neversion:2.36

Trust: 0.3

vendor:ciscomodel:telepresence video communication serverscope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:nac appliancescope:eqversion:6.3

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:125080

Trust: 0.3

vendor:ciscomodel:telepresence sx seriesscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-rc1-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-rc4-p1scope: - version: -

Trust: 0.3

vendor:ciscomodel:meetingplacescope:eqversion:0

Trust: 0.3

vendor:hpmodel:48g 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ciscomodel:unified computing system e-series blade serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:ntpmodel:ntpscope:neversion:4.3.92

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant main processing unitscope:eqversion:129100

Trust: 0.3

vendor:ntpmodel:p74scope:eqversion:4.2.5

Trust: 0.3

vendor:ciscomodel:expressway seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:hpmodel:flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5900af 48xgt 4qsfp+ taa-compliant switchscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:4.2.8p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p6scope: - version: -

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3000

Trust: 0.3

vendor:extremenetworksmodel:extremexos patchscope:eqversion:15.7.31

Trust: 0.3

vendor:freebsdmodel:10.2-beta2-p3scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:msr3012 ac routerscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ciscomodel:management heartbeat serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:neversion:9.1.7.03.00

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:neversion:4.1.17

Trust: 0.3

vendor:ntpmodel:p6scope:eqversion:4.2.4

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:105040

Trust: 0.3

vendor:ciscomodel:connected grid routersscope:eqversion:0

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:125180

Trust: 0.3

vendor:ciscomodel:telepresence integrator c seriesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:105040

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.2

Trust: 0.3

vendor:ntpmodel:p7scope:eqversion:4.2.4

Trust: 0.3

vendor:ciscomodel:nac serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.12

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.1.2

Trust: 0.3

vendor:ntpmodel:p5scope:eqversion:4.2.4

Trust: 0.3

vendor:hpmodel:flexfabric 2.4tbps taa-compliant fabric/main processing uniscope:eqversion:79100

Trust: 0.3

vendor:ciscomodel:nac appliancescope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-48g-4sfp+ ei switchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:neversion:3.2

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.02

Trust: 0.3

vendor:hpmodel:a12508 switch chassisscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:5130-24g-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.25

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.6.4

Trust: 0.3

vendor:extremenetworksmodel:purview appliancescope:neversion:6.4

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.1.0.0

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.3

Trust: 0.3

vendor:hpmodel:5130-48g-2sfp+-2xgt ei switchscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:4.2.8p6scope: - version: -

Trust: 0.3

vendor:extremenetworksmodel:nac appliancescope:neversion:6.4

Trust: 0.3

vendor:ciscomodel:telepresence ex seriesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:msr1002-4 ac routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:105120

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:eqversion:9.0

Trust: 0.3

vendor:ntpmodel:4.2.7p11scope: - version: -

Trust: 0.3

vendor:hpmodel:5900af-48xg-4qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:hpmodel:type d main processing unit with comware osscope:eqversion:10500v70

Trust: 0.3

vendor:hpmodel:taa switch chassisscope:eqversion:105120

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.34

Trust: 0.3

vendor:hpmodel:vsr1001 virtual services router day evaluation softwarescope:eqversion:600

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:hpmodel:24g sfp 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:freebsdmodel:10.2-release-p6scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:10.2-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p5scope: - version: -

Trust: 0.3

vendor:hpmodel:5920af-24xg taa switchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:junipermodel:junos osscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric switch chassisscope:eqversion:79040

Trust: 0.3

vendor:hpmodel:flexfabric 12908e switch chassisscope:eqversion:0

Trust: 0.3

vendor:citrixmodel:xenserverscope:eqversion:6.2

Trust: 0.3

vendor:freebsdmodel:9.3-beta1-p2scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:ciscomodel:telepresence conductorscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:neversion:3.1

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:ciscomodel:content security appliance updater serversscope:eqversion:0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:hpmodel:flexfabric taa-compliant switch ac chassisscope:eqversion:129100

Trust: 0.3

vendor:freebsdmodel:10.1-release-p16scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager session management editionscope:eqversion:0

Trust: 0.3

vendor:hpmodel:flexfabric 5700-40xg-2qsfp+ switchscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p6scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:hpmodel:main processing unitscope:eqversion:75020

Trust: 0.3

vendor:ciscomodel:support centralscope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:9.3-release-p9scope: - version: -

Trust: 0.3

vendor:hpmodel:ff 12518e ac switch chassisscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:virtual security gateway for microsoft hyper-vscope:eqversion:0

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:hpmodel:flexfabric 5900cp 48xg 4qsfp+ taa-compliantscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime service catalog virtual appliancescope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:hpmodel:24g poe+ 4sfp+ hi 1-slot switchscope:eqversion:55100

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.3.90

Trust: 0.3

vendor:hpmodel:hsr6602-g routerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:videoscape control suitescope:eqversion:0

Trust: 0.3

vendor:hpmodel:1950-48g-2sfp+-2xgt-poe+ switchscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:telepresence mx seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ucs centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence profile seriesscope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:msr3024 poe routerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:a12518 switch chassisscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience tools serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7

Trust: 0.3

vendor:extremenetworksmodel:extremexosscope:eqversion:15.7.2

Trust: 0.3

vendor:ciscomodel:im and presence servicescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:2.0

Trust: 0.3

vendor:siemensmodel:ruggedcom roxscope:eqversion:2.6.3

Trust: 0.3

vendor:hpmodel:flexfabric switch chassisscope:eqversion:11908-v0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:ciscomodel:cloud object storescope:eqversion:0

Trust: 0.3

vendor:freebsdmodel:10.2-prereleasescope: - version: -

Trust: 0.3

vendor:hpmodel:switch chassisscope:eqversion:10508-v0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:eqversion:7.10

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.2

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 0.3

sources: CERT/CC: VU#718152 // BID: 77280 // BID: 92012 // JVNDB: JVNDB-2015-007700 // CNNVD: CNNVD-201510-585 // NVD: CVE-2015-7704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7704
value: HIGH

Trust: 1.0

NVD: CVE-2015-7704
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201510-585
value: HIGH

Trust: 0.6

VULMON: CVE-2015-7704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7704
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2015-7704
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2015-7704
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2015-7704 // JVNDB: JVNDB-2015-007700 // CNNVD: CNNVD-201510-585 // NVD: CVE-2015-7704

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2015-007700 // NVD: CVE-2015-7704

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 134093 // PACKETSTORM: 134542 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // CNNVD: CNNVD-201510-585

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201510-585

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007700

PATCH

title:HPSBHF03646url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05270839

Trust: 0.8

title:Bug 2901url:http://bugs.ntp.org/show_bug.cgi?id=2901

Trust: 0.8

title:Bug 1271070url:https://bugzilla.redhat.com/show_bug.cgi?id=1271070

Trust: 0.8

title:NTP Bug 2901url:http://support.ntp.org/bin/view/Main/NtpBug2901

Trust: 0.8

title:October 2015 NTP-4.2.8p4 Security Vulnerability Announcement (Medium)url:http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit

Trust: 0.8

title:NTP Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119777

Trust: 0.6

title:Red Hat: Important: ntp security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152520 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2015-7704url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7704

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-607url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-607

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2783-1

Trust: 0.1

title:Citrix Security Bulletins: Citrix XenServer Multiple Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=089f3f781342f5003697826b78ce46a9

Trust: 0.1

title:Debian Security Advisories: DSA-3388-1 ntp -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=61fe4252a877d02aaea1c931efa0a305

Trust: 0.1

title:Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=f5e05389a60d3a56f2a0ad0ec21579d9

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151021-ntp

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

sources: VULMON: CVE-2015-7704 // JVNDB: JVNDB-2015-007700 // CNNVD: CNNVD-201510-585

EXTERNAL IDS

db:CERT/CCid:VU#718152

Trust: 3.6

db:NVDid:CVE-2015-7704

Trust: 3.6

db:BIDid:77280

Trust: 2.0

db:SECTRACKid:1033951

Trust: 1.7

db:MCAFEEid:SB10284

Trust: 1.7

db:JVNid:JVNVU91176422

Trust: 0.8

db:JVNDBid:JVNDB-2015-007700

Trust: 0.8

db:MCAFEEid:SB10164

Trust: 0.6

db:CNNVDid:CNNVD-201510-585

Trust: 0.6

db:JUNIPERid:JSA10711

Trust: 0.3

db:ICS CERTid:ICSA-17-094-04

Trust: 0.3

db:BIDid:92012

Trust: 0.3

db:ICS CERTid:ICSA-15-356-01

Trust: 0.1

db:VULMONid:CVE-2015-7704

Trust: 0.1

db:PACKETSTORMid:134093

Trust: 0.1

db:PACKETSTORMid:138803

Trust: 0.1

db:PACKETSTORMid:136864

Trust: 0.1

db:PACKETSTORMid:134542

Trust: 0.1

db:PACKETSTORMid:134102

Trust: 0.1

db:PACKETSTORMid:134034

Trust: 0.1

db:PACKETSTORMid:134162

Trust: 0.1

db:PACKETSTORMid:134137

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2015-7704 // BID: 77280 // BID: 92012 // JVNDB: JVNDB-2015-007700 // PACKETSTORM: 134093 // PACKETSTORM: 138803 // PACKETSTORM: 136864 // PACKETSTORM: 134542 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // PACKETSTORM: 134162 // PACKETSTORM: 134137 // CNNVD: CNNVD-201510-585 // NVD: CVE-2015-7704

REFERENCES

url:https://www.kb.cert.org/vuls/id/718152

Trust: 2.9

url:https://www.cs.bu.edu/~goldbe/ntpattack.html

Trust: 2.1

url:http://rhn.redhat.com/errata/rhsa-2015-1930.html

Trust: 2.1

url:https://support.citrix.com/article/ctx220112

Trust: 2.0

url:http://rhn.redhat.com/errata/rhsa-2015-2520.html

Trust: 1.8

url:https://eprint.iacr.org/2015/1020.pdf

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1271070

Trust: 1.7

url:http://support.ntp.org/bin/view/main/securitynotice#october_2015_ntp_4_2_8p4_securit

Trust: 1.7

url:http://support.ntp.org/bin/view/main/ntpbug2901

Trust: 1.7

url:http://bugs.ntp.org/show_bug.cgi?id=2901

Trust: 1.7

url:https://security.gentoo.org/glsa/201607-15

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839

Trust: 1.7

url:http://www.securityfocus.com/bid/77280

Trust: 1.7

url:http://www.securitytracker.com/id/1033951

Trust: 1.7

url:http://www.debian.org/security/2015/dsa-3388

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171004-0002/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171004-0001/

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10284

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-7704

Trust: 1.6

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704

Trust: 1.0

url:http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security

Trust: 0.8

url:http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91176422/

Trust: 0.8

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.6

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10164

Trust: 0.6

url:http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7871

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7855

Trust: 0.5

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp

Trust: 0.4

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7705

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7702

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7852

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7701

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7691

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7692

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7850

Trust: 0.4

url:https://github.com/ntp-project/ntp/blob/stable/news#l295

Trust: 0.3

url:http://www.ntp.org

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10711

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-04

Trust: 0.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd

Trust: 0.3

url:http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf

Trust: 0.3

url:http://seclists.org/bugtraq/2015/oct/113

Trust: 0.3

url:isg3t1023874

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023874

Trust: 0.3

url:http://support.ntp.org/bin/view/main/ntpbug2952

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981747

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005821

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21979393

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21980676

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983501

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983506

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1021264

Trust: 0.3

url:http://www.oracle.com/index.html

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-5300

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7703

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7853

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7704

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:http://slackware.com

Trust: 0.2

url:http://slackware.com/gpg-key

Trust: 0.2

url:http://osuosl.org)

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5219

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5194

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5146

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5195

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7848

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7849

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7854

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7851

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9750

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:2520

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ics-cert.us-cert.gov/advisories/icsa-15-356-01

Trust: 0.1

url:https://usn.ubuntu.com/2783-1/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5300

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1548

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1550

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1549

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1547

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2518

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8138

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2783-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:http://talosintel.com/vulnerability-reports/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9751

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3405

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853

Trust: 0.1

sources: CERT/CC: VU#718152 // VULMON: CVE-2015-7704 // BID: 77280 // BID: 92012 // JVNDB: JVNDB-2015-007700 // PACKETSTORM: 134093 // PACKETSTORM: 138803 // PACKETSTORM: 136864 // PACKETSTORM: 134542 // PACKETSTORM: 134102 // PACKETSTORM: 134034 // PACKETSTORM: 134162 // PACKETSTORM: 134137 // CNNVD: CNNVD-201510-585 // NVD: CVE-2015-7704

CREDITS

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg from Boston University

Trust: 0.3

sources: BID: 77280

SOURCES

db:CERT/CCid:VU#718152
db:VULMONid:CVE-2015-7704
db:BIDid:77280
db:BIDid:92012
db:JVNDBid:JVNDB-2015-007700
db:PACKETSTORMid:134093
db:PACKETSTORMid:138803
db:PACKETSTORMid:136864
db:PACKETSTORMid:134542
db:PACKETSTORMid:134102
db:PACKETSTORMid:134034
db:PACKETSTORMid:134162
db:PACKETSTORMid:134137
db:CNNVDid:CNNVD-201510-585
db:NVDid:CVE-2015-7704

LAST UPDATE DATE

2024-11-11T19:48:17.581000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#718152date:2016-04-28T00:00:00
db:VULMONid:CVE-2015-7704date:2020-06-18T00:00:00
db:BIDid:77280date:2017-05-23T16:23:00
db:BIDid:92012date:2016-11-24T01:13:00
db:JVNDBid:JVNDB-2015-007700date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201510-585date:2021-11-08T00:00:00
db:NVDid:CVE-2015-7704date:2021-11-17T22:15:44.397

SOURCES RELEASE DATE

db:CERT/CCid:VU#718152date:2016-04-27T00:00:00
db:VULMONid:CVE-2015-7704date:2017-08-07T00:00:00
db:BIDid:77280date:2015-10-21T00:00:00
db:BIDid:92012date:2016-07-19T00:00:00
db:JVNDBid:JVNDB-2015-007700date:2017-09-06T00:00:00
db:PACKETSTORMid:134093date:2015-10-27T03:38:46
db:PACKETSTORMid:138803date:2016-09-21T17:24:00
db:PACKETSTORMid:136864date:2016-05-02T21:38:58
db:PACKETSTORMid:134542date:2015-11-27T18:25:38
db:PACKETSTORMid:134102date:2015-10-27T23:30:50
db:PACKETSTORMid:134034date:2015-10-21T19:22:22
db:PACKETSTORMid:134162date:2015-11-02T16:48:39
db:PACKETSTORMid:134137date:2015-10-30T23:22:57
db:CNNVDid:CNNVD-201510-585date:2015-10-27T00:00:00
db:NVDid:CVE-2015-7704date:2017-08-07T20:29:00.683