Vulnerability-Lookup

CVE-2016-9310 (GCVE-0-2016-9310)

Vulnerability from cvelistv5 – Published: 2017-01-13 16:00 – Updated: 2024-08-06 02:50

Summary

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

12 references

URL	Tags
https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/NtpBug3118	x_refsource_CONFIRM
https://usn.ubuntu.com/3707-2/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/94452	vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0252.html	vendor-advisoryx_refsource_REDHAT
http://support.ntp.org/bin/view/Main/SecurityNoti…	x_refsource_CONFIRM
http://nwtime.org/ntp428p9_release/	x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/633847	third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id/1037354	vdb-entryx_refsource_SECTRACK
https://bto.bluecoat.com/security-advisory/sa139	x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-S…	vendor-advisoryx_refsource_FREEBSD

Date Public ?

2016-11-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:37.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
          },
          {
            "name": "USN-3707-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-2/"
          },
          {
            "name": "94452",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94452"
          },
          {
            "name": "RHSA-2017:0252",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "name": "VU#633847",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "name": "1037354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
          },
          {
            "name": "FreeBSD-SA-16:39",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-24T10:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
        },
        {
          "name": "USN-3707-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-2/"
        },
        {
          "name": "94452",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94452"
        },
        {
          "name": "RHSA-2017:0252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nwtime.org/ntp428p9_release/"
        },
        {
          "name": "VU#633847",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/633847"
        },
        {
          "name": "1037354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
        },
        {
          "name": "FreeBSD-SA-16:39",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9310",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3118",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
            },
            {
              "name": "USN-3707-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-2/"
            },
            {
              "name": "94452",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94452"
            },
            {
              "name": "RHSA-2017:0252",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
            },
            {
              "name": "FreeBSD-SA-16:39",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9310",
    "datePublished": "2017-01-13T16:00:00.000Z",
    "dateReserved": "2016-11-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:50:37.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-9310",
      "date": "2026-05-19",
      "epss": "0.03956",
      "percentile": "0.88487"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.2.8\", \"matchCriteriaId\": \"72A23255-B135-4A4C-A2BA-A93026C0F520\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a trav\\u00e9s de un paquete de modo de control manipulado.\"}]",
      "id": "CVE-2016-9310",
      "lastModified": "2024-11-21T03:00:56.853",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-13T16:59:00.857",
      "references": "[{\"url\": \"http://nwtime.org/ntp428p9_release/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0252.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.ntp.org/bin/view/Main/NtpBug3118\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94452\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1037354\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa139\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/3707-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/633847\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://nwtime.org/ntp428p9_release/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0252.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.ntp.org/bin/view/Main/NtpBug3118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037354\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3707-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/633847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9310\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-13T16:59:00.857\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a trav\u00e9s de un paquete de modo de control manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.8\",\"matchCriteriaId\":\"72A23255-B135-4A4C-A2BA-A93026C0F520\"}]}]}],\"references\":[{\"url\":\"http://nwtime.org/ntp428p9_release/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0252.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug3118\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94452\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1037354\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa139\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3707-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/633847\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://nwtime.org/ntp428p9_release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0252.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug3118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3707-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/633847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CERTFR-2017-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans NTP. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

NTP versions antérieures à ntp-4.2.8p10

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité NTP du 21 mars 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eNTP versions ant\u00e9rieures \u00e0 ntp-4.2.8p10\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-090",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eNTP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans NTP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NTP du 21 mars 2017",
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
    }
  ]
}

CERTFR-2017-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

References

Title

Publication Time

Tags

Bulletin de sécurité JSA10776 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10778 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10781 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10785 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10780 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10783 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10786 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10777 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10784 Juniper du 12 avril 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper EX Series avec IPv6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 et post\u00e9rieures avec BGP",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller Application ant\u00e9rieures \u00e0 la version 2.1.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2322"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2017-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2316"
    },
    {
      "name": "CVE-2017-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2328"
    },
    {
      "name": "CVE-2016-9131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9131"
    },
    {
      "name": "CVE-2015-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1349"
    },
    {
      "name": "CVE-2017-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2333"
    },
    {
      "name": "CVE-2015-5477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5477"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2017-2319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2319"
    },
    {
      "name": "CVE-2013-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4450"
    },
    {
      "name": "CVE-2016-1886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1886"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2017-2334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2334"
    },
    {
      "name": "CVE-2017-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2332"
    },
    {
      "name": "CVE-2017-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2340"
    },
    {
      "name": "CVE-2017-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2325"
    },
    {
      "name": "CVE-2015-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4620"
    },
    {
      "name": "CVE-2017-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2329"
    },
    {
      "name": "CVE-2017-2318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2318"
    },
    {
      "name": "CVE-2017-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2320"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2330"
    },
    {
      "name": "CVE-2017-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2324"
    },
    {
      "name": "CVE-2017-2317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2317"
    },
    {
      "name": "CVE-2016-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1014"
    },
    {
      "name": "CVE-2016-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2776"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
    },
    {
      "name": "CVE-2017-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2331"
    },
    {
      "name": "CVE-2017-2326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2326"
    },
    {
      "name": "CVE-2017-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2315"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2017-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2313"
    },
    {
      "name": "CVE-2017-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2323"
    },
    {
      "name": "CVE-2016-9147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9147"
    },
    {
      "name": "CVE-2017-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2327"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-8864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8864"
    },
    {
      "name": "CVE-2017-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2321"
    },
    {
      "name": "CVE-2017-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2312"
    },
    {
      "name": "CVE-2016-9444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9444"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10776 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10776\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10778 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10778\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10781 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10781\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10785 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10785\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10780 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10780\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10783 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10786 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10786\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10777 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10777\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10784 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10784\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-212

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CTPView 7.1, 7.2 et 7.3
N/A	N/A	CTPOS 7.0, 7.1, 7.2 et 7.3
N/A	N/A	ScreenOS versions antérieures à 6.3.0r24
Juniper Networks	Junos OS	Junos OS toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10797 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10794 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10789 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10800 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10793 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10791 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10775 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10795 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10790 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10779 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10787 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10799 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10796 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10792 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10798 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10782 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS 7.0, 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2341"
    },
    {
      "name": "CVE-2017-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3135"
    },
    {
      "name": "CVE-2017-2346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2346"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2017-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2347"
    },
    {
      "name": "CVE-2017-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2338"
    },
    {
      "name": "CVE-2017-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2348"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2017-2336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2336"
    },
    {
      "name": "CVE-2017-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2337"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-10605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10605"
    },
    {
      "name": "CVE-2017-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2344"
    },
    {
      "name": "CVE-2017-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2345"
    },
    {
      "name": "CVE-2017-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2343"
    },
    {
      "name": "CVE-2017-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2339"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2016-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1887"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    },
    {
      "name": "CVE-2016-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3074"
    },
    {
      "name": "CVE-2017-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2314"
    },
    {
      "name": "CVE-2017-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2342"
    },
    {
      "name": "CVE-2017-2335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2335"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10797 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10797\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10794 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10794\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10789 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10789\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10800 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10800\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10793 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10793\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10791 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10791\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10775 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10795 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10795\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10790 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10790\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10779 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10779\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10787 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10799 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10799\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10796 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10796\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10792 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10792\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10798 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10798\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10782 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10782\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans NTP. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

NTP versions antérieures à ntp-4.2.8p10

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité NTP du 21 mars 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eNTP versions ant\u00e9rieures \u00e0 ntp-4.2.8p10\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-090",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eNTP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans NTP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NTP du 21 mars 2017",
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
    }
  ]
}

CERTFR-2017-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

References

Title

Publication Time

Tags

Bulletin de sécurité JSA10776 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10778 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10781 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10785 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10780 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10783 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10786 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10777 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10784 Juniper du 12 avril 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper EX Series avec IPv6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 et post\u00e9rieures avec BGP",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller Application ant\u00e9rieures \u00e0 la version 2.1.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2322"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2017-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2316"
    },
    {
      "name": "CVE-2017-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2328"
    },
    {
      "name": "CVE-2016-9131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9131"
    },
    {
      "name": "CVE-2015-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1349"
    },
    {
      "name": "CVE-2017-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2333"
    },
    {
      "name": "CVE-2015-5477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5477"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2017-2319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2319"
    },
    {
      "name": "CVE-2013-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4450"
    },
    {
      "name": "CVE-2016-1886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1886"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2017-2334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2334"
    },
    {
      "name": "CVE-2017-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2332"
    },
    {
      "name": "CVE-2017-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2340"
    },
    {
      "name": "CVE-2017-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2325"
    },
    {
      "name": "CVE-2015-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4620"
    },
    {
      "name": "CVE-2017-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2329"
    },
    {
      "name": "CVE-2017-2318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2318"
    },
    {
      "name": "CVE-2017-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2320"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2330"
    },
    {
      "name": "CVE-2017-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2324"
    },
    {
      "name": "CVE-2017-2317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2317"
    },
    {
      "name": "CVE-2016-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1014"
    },
    {
      "name": "CVE-2016-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2776"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
    },
    {
      "name": "CVE-2017-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2331"
    },
    {
      "name": "CVE-2017-2326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2326"
    },
    {
      "name": "CVE-2017-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2315"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2017-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2313"
    },
    {
      "name": "CVE-2017-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2323"
    },
    {
      "name": "CVE-2016-9147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9147"
    },
    {
      "name": "CVE-2017-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2327"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-8864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8864"
    },
    {
      "name": "CVE-2017-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2321"
    },
    {
      "name": "CVE-2017-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2312"
    },
    {
      "name": "CVE-2016-9444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9444"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10776 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10776\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10778 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10778\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10781 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10781\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10785 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10785\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10780 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10780\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10783 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10786 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10786\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10777 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10777\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10784 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10784\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-212

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CTPView 7.1, 7.2 et 7.3
N/A	N/A	CTPOS 7.0, 7.1, 7.2 et 7.3
N/A	N/A	ScreenOS versions antérieures à 6.3.0r24
Juniper Networks	Junos OS	Junos OS toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10797 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10794 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10789 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10800 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10793 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10791 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10775 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10795 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10790 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10779 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10787 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10799 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10796 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10792 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10798 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10782 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS 7.0, 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2341"
    },
    {
      "name": "CVE-2017-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3135"
    },
    {
      "name": "CVE-2017-2346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2346"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2017-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2347"
    },
    {
      "name": "CVE-2017-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2338"
    },
    {
      "name": "CVE-2017-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2348"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2017-2336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2336"
    },
    {
      "name": "CVE-2017-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2337"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-10605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10605"
    },
    {
      "name": "CVE-2017-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2344"
    },
    {
      "name": "CVE-2017-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2345"
    },
    {
      "name": "CVE-2017-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2343"
    },
    {
      "name": "CVE-2017-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2339"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2016-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1887"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    },
    {
      "name": "CVE-2016-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3074"
    },
    {
      "name": "CVE-2017-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2314"
    },
    {
      "name": "CVE-2017-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2342"
    },
    {
      "name": "CVE-2017-2335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2335"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10797 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10797\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10794 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10794\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10789 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10789\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10800 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10800\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10793 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10793\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10791 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10791\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10775 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10795 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10795\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10790 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10790\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10779 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10779\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10787 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10799 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10799\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10796 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10796\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10792 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10792\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10798 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10798\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10782 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10782\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CNVD-2016-11424

Vulnerability from cnvd - Published: 2016-11-23

Title

ntpd控制模式（模式6）功能存在可利用配置修改漏洞

Description

Network Time Protocol（NTP）是用于使计算机时间同步化的一种协议，可使计算机对其服务器或时钟源（如石英钟，GPS等等)做同步化。把计算机的时钟同步到世界协调时，以确保网络中的数据交互能够顺利进行。NTPD（Network Time Protocol daemon）是一个操作系统守护进程，使用网络时间协议（NTP）与时间服务器的系统时间保持同步，主要用于主机与主机之间的时间同步。 ntpd控制模式（模式6）功能存在可利用配置修改漏洞。攻击者可以通过发送精心构造的控制模式数据包造成信息泄露和拒绝服务攻击。

Severity

中

Patch Name

ntpd控制模式（模式6）功能存在可利用配置修改漏洞的补丁

Patch Description

Formal description

官方已经发布了版本更新，建议用户升级到最新版本，下载链接如下： http://support.ntp.org/bin/view/Main/SoftwareDownloads

Reference

http://www.securityfocus.com/bid/94452

Impacted products

Name
['Ntp NTPd >=ntp-4.3.0，<ntp-4.3.94', 'Ntp NTPd >=ntp-4.0.90，<ntp-4.2.8p9']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94452"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9310"
    }
  },
  "description": "Network Time Protocol\uff08NTP\uff09\u662f\u7528\u4e8e\u4f7f\u8ba1\u7b97\u673a\u65f6\u95f4\u540c\u6b65\u5316\u7684\u4e00\u79cd\u534f\u8bae\uff0c\u53ef\u4f7f\u8ba1\u7b97\u673a\u5bf9\u5176\u670d\u52a1\u5668\u6216\u65f6\u949f\u6e90\uff08\u5982\u77f3\u82f1\u949f\uff0cGPS\u7b49\u7b49)\u505a\u540c\u6b65\u5316\u3002\u628a\u8ba1\u7b97\u673a\u7684\u65f6\u949f\u540c\u6b65\u5230\u4e16\u754c\u534f\u8c03\u65f6\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u4e2d\u7684\u6570\u636e\u4ea4\u4e92\u80fd\u591f\u987a\u5229\u8fdb\u884c\u3002NTPD\uff08Network Time Protocol daemon\uff09\u662f\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4f7f\u7528\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff08NTP\uff09\u4e0e\u65f6\u95f4\u670d\u52a1\u5668\u7684\u7cfb\u7edf\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u4e3b\u8981\u7528\u4e8e\u4e3b\u673a\u4e0e\u4e3b\u673a\u4e4b\u95f4\u7684\u65f6\u95f4\u540c\u6b65\u3002\r\n\r\nntpd\u63a7\u5236\u6a21\u5f0f\uff08\u6a21\u5f0f6\uff09\u529f\u80fd\u5b58\u5728\u53ef\u5229\u7528\u914d\u7f6e\u4fee\u6539\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u63a7\u5236\u6a21\u5f0f\u6570\u636e\u5305\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Matthew Van Gundy of Cisco ASIG",
  "formalWay": "\u5b98\u65b9\u5df2\u7ecf\u53d1\u5e03\u4e86\u7248\u672c\u66f4\u65b0\uff0c\u5efa\u8bae\u7528\u6237\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff0c\u4e0b\u8f7d\u94fe\u63a5\u5982\u4e0b\uff1a\r\nhttp://support.ntp.org/bin/view/Main/SoftwareDownloads",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11424",
  "openTime": "2016-11-23",
  "patchDescription": "Network Time Protocol\uff08NTP\uff09\u662f\u7528\u4e8e\u4f7f\u8ba1\u7b97\u673a\u65f6\u95f4\u540c\u6b65\u5316\u7684\u4e00\u79cd\u534f\u8bae\uff0c\u53ef\u4f7f\u8ba1\u7b97\u673a\u5bf9\u5176\u670d\u52a1\u5668\u6216\u65f6\u949f\u6e90\uff08\u5982\u77f3\u82f1\u949f\uff0cGPS\u7b49\u7b49)\u505a\u540c\u6b65\u5316\u3002\u628a\u8ba1\u7b97\u673a\u7684\u65f6\u949f\u540c\u6b65\u5230\u4e16\u754c\u534f\u8c03\u65f6\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u4e2d\u7684\u6570\u636e\u4ea4\u4e92\u80fd\u591f\u987a\u5229\u8fdb\u884c\u3002NTPD\uff08Network Time Protocol daemon\uff09\u662f\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4f7f\u7528\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff08NTP\uff09\u4e0e\u65f6\u95f4\u670d\u52a1\u5668\u7684\u7cfb\u7edf\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u4e3b\u8981\u7528\u4e8e\u4e3b\u673a\u4e0e\u4e3b\u673a\u4e4b\u95f4\u7684\u65f6\u95f4\u540c\u6b65\u3002\r\n\r\nntpd\u63a7\u5236\u6a21\u5f0f\uff08\u6a21\u5f0f6\uff09\u529f\u80fd\u5b58\u5728\u53ef\u5229\u7528\u914d\u7f6e\u4fee\u6539\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u63a7\u5236\u6a21\u5f0f\u6570\u636e\u5305\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ntpd\u63a7\u5236\u6a21\u5f0f\uff08\u6a21\u5f0f6\uff09\u529f\u80fd\u5b58\u5728\u53ef\u5229\u7528\u914d\u7f6e\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ntp NTPd \u003e=ntp-4.3.0\uff0c\u003cntp-4.3.94",
      "Ntp NTPd \u003e=ntp-4.0.90\uff0c\u003cntp-4.2.8p9"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/94452",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-23",
  "title": "ntpd\u63a7\u5236\u6a21\u5f0f\uff08\u6a21\u5f0f6\uff09\u529f\u80fd\u5b58\u5728\u53ef\u5229\u7528\u914d\u7f6e\u4fee\u6539\u6f0f\u6d1e"
}

FKIE_CVE-2016-9310

Vulnerability from fkie_nvd - Published: 2017-01-13 16:59 - Updated: 2026-05-13 00:24

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Summary

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

References

URL	Tags
cve@mitre.org	http://nwtime.org/ntp428p9_release/	Release Notes, Vendor Advisory
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2017-0252.html
cve@mitre.org	http://support.ntp.org/bin/view/Main/NtpBug3118	Issue Tracking, Mitigation, Vendor Advisory
cve@mitre.org	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/94452
cve@mitre.org	http://www.securitytracker.com/id/1037354
cve@mitre.org	https://bto.bluecoat.com/security-advisory/sa139
cve@mitre.org	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
cve@mitre.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
cve@mitre.org	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us
cve@mitre.org	https://usn.ubuntu.com/3707-2/
cve@mitre.org	https://www.kb.cert.org/vuls/id/633847	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://nwtime.org/ntp428p9_release/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2017-0252.html
af854a3a-2127-422b-91ae-364da2661108	http://support.ntp.org/bin/view/Main/NtpBug3118	Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94452
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037354
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa139
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3707-2/
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/633847	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	ntp	ntp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
              "matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520",
              "versionEndIncluding": "4.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a trav\u00e9s de un paquete de modo de control manipulado."
    }
  ],
  "id": "CVE-2016-9310",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-13T16:59:00.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://nwtime.org/ntp428p9_release/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/94452"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037354"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bto.bluecoat.com/security-advisory/sa139"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3707-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/633847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://nwtime.org/ntp428p9_release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bto.bluecoat.com/security-advisory/sa139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3707-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/633847"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X99C-5HJH-5P3R

Vulnerability from github – Published: 2022-05-14 01:39 – Updated: 2025-04-20 03:31

Details

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-13T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.",
  "id": "GHSA-x99c-5hjh-5p3r",
  "modified": "2025-04-20T03:31:11Z",
  "published": "2022-05-14T01:39:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9310"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa139"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3707-2"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/633847"
    },
    {
      "type": "WEB",
      "url": "http://nwtime.org/ntp428p9_release"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94452"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037354"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-9310

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

Aliases

CVE-2016-9310

Aliases

CVE-2016-9310

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9310",
    "description": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.",
    "id": "GSD-2016-9310",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-9310.html",
      "https://access.redhat.com/errata/RHSA-2017:0252",
      "https://ubuntu.com/security/CVE-2016-9310",
      "https://advisories.mageia.org/CVE-2016-9310.html",
      "https://security.archlinux.org/CVE-2016-9310",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-9310.html",
      "https://linux.oracle.com/cve/CVE-2016-9310.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9310"
      ],
      "details": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.",
      "id": "GSD-2016-9310",
      "modified": "2023-12-13T01:21:22.050463Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-9310",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "name": "http://support.ntp.org/bin/view/Main/NtpBug3118",
            "refsource": "CONFIRM",
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
          },
          {
            "name": "USN-3707-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3707-2/"
          },
          {
            "name": "94452",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94452"
          },
          {
            "name": "RHSA-2017:0252",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
          },
          {
            "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
            "refsource": "CONFIRM",
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "name": "http://nwtime.org/ntp428p9_release/",
            "refsource": "CONFIRM",
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "name": "VU#633847",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "name": "1037354",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa139",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
          },
          {
            "name": "FreeBSD-SA-16:39",
            "refsource": "FREEBSD",
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9310"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3118",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "94452",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/94452"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "FreeBSD-SA-16:39",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
            },
            {
              "name": "RHSA-2017:0252",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
            },
            {
              "name": "USN-3707-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/3707-2/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2019-01-24T11:29Z",
      "publishedDate": "2017-01-13T16:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9310 (GCVE-0-2016-9310)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature